Description

The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.

Remediation

References

CVE-2014-5019

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-3307)

WordPress Plugin Advanced Custom Fields:reCAPTCHA Field Security Bypass (1.1.1)

SugarCRM Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3244)

phpMyAdmin Other Vulnerability (CVE-2004-0129)

Jenkins Insufficient Verification of Data Authenticity Vulnerability (CVE-2015-7539)

Severity

Medium

Classification

CVE-2014-5019 CWE-20

Tags

Missing Update Known Vulnerabilities