Description

CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Remediation

References

CVE-2007-5595

Related Vulnerabilities

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.14)

WordPress Plugin Floating Tweets Multiple Vulnerabilities (1.0.1)

Apache Tomcat Other Vulnerability (CVE-2002-1895)

WordPress Plugin Academy LMS-eLearning and online course solution for WordPress Multiple Security Bypass Vulnerabilities (1.9.16)

WordPress Plugin Import all XML, CSV & TXT into WordPress Cross-Site Scripting (6.4.2)

Severity

Medium

Classification

CVE-2007-5595 CWE-113

Tags

Missing Update Known Vulnerabilities