CVE-2006-2831

Name: CVE-2006-2831
Description: Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-1125

The information below is based on the following data on fixed versions.

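| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---------|------|---------|---------------|---------|--------|-------------|
| drupal | source | sarge | 4.5.3-6.1sarge1 | | DSA-1125 | |
| drupal | source | (unstable) | 4.5.8-1.1 | medium | | |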

Notes

Although not in the changelog, sesse@ (responsible for 4.5.8-1.1)
says he pulled in the entire patch for DRUPAL-SA-2006-007, which
fixes CVE-2006-2831.
