Description
CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.
Remediation
References
Related Vulnerabilities
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.59)
WordPress Plugin Social Hashtags Cross-Site Scripting (3.0.0)
WordPress Plugin Import XML and RSS Feeds Remote Code Execution (2.1.4)
Oracle JRE CVE-2014-0453 Vulnerability (CVE-2014-0453)
PHP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-7272)