Vulnerabilities > CVE-2015-5501 - 7PK - Security Features vulnerability in Aegirproject Hostmaster

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

aegirproject

CWE-254

NVD

Published: 2015-08-18

Updated: 2016-11-28

Summary

The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment.

Vulnerable Configurations

Part	Description	Count
Application	Aegirproject Aegirproject Hostmaster 6.X-2.0 Aegirproject Hostmaster 6.X-2.1 Aegirproject Hostmaster 6.X-2.2 Aegirproject Hostmaster 6.X-2.3 Aegirproject Hostmaster 6.X-3.0	5

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

http://community.aegirproject.org/2.4
http://community.aegirproject.org/3.0-beta2
http://www.openwall.com/lists/oss-security/2015/07/04/4
http://www.securityfocus.com/bid/74759
https://www.drupal.org/node/2492317