Description

The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.

Remediation

References

CVE-2014-5019

Related Vulnerabilities

MySQL Numeric Errors Vulnerability (CVE-2006-3486)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-28439)

WordPress Plugin HDW WordPress Video Gallery Multiple Cross-Site Scripting Vulnerabilities (1.2)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6929)

Oracle Database Server CVE-2011-2239 Vulnerability (CVE-2011-2239)

Severity

Medium

Classification

CVE-2014-5019 CWE-20

Tags

Missing Update Known Vulnerabilities