Description

The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.

Remediation

References

CVE-2014-5019

Related Vulnerabilities

phpMyAdmin Other Vulnerability (CVE-2007-2016)

Drupal Core 5.x Local File Inclusion (5.0 - 5.11)

WordPress Plugin Simple Contact Info Arbitrary File Deletion (1.1.9)

WordPress Plugin Click to Chat Cross-Site Scripting (1.6)

WordPress Plugin Translate WordPress with GTranslate Cross-Site Scripting (2.8.51)

Severity

Medium

Classification

CVE-2014-5019 CWE-20

Tags

Missing Update Known Vulnerabilities