5.1

CVE-2007-5595

CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DrupalDrupal Version >= 4.7.0 < 4.7.8
DrupalDrupal Version >= 5.0 < 5.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.99% 0.781
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

http://secunia.com/advisories/27352
Third Party Advisory
http://www.securityfocus.com/bid/26119
Third Party Advisory
VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00328.html
Third Party Advisory
http://drupal.org/node/184315
Vendor Advisory
http://secunia.com/advisories/27292
Third Party Advisory
http://www.vupen.com/english/advisories/2007/3546
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/37264
Third Party Advisory
VDB Entry