ID CVE-2007-5595
Summary CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:drupal:drupal:4.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.0:beta4:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.0:beta5:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.0:beta5:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.0:beta6:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.0:beta6:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:5.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:5.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.0:dev:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:5.0:dev:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:5.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.2:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:5.2:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 26-10-2018 - 14:13)
Impact:
Exploitability:
CWE CWE-113
CAPEC
  • HTTP Response Splitting
    This attack uses a maliciously-crafted HTTP request in order to cause a vulnerable web server to respond with an HTTP response stream that will be interpreted by the client as two separate responses instead of one. This is possible when user-controlled input is used unvalidated as part of the response headers. The target software, the client, will interpret the injected header as being a response to a second request, thereby causing the maliciously-crafted contents be displayed and possibly cached.
  • Accessing/Intercepting/Modifying HTTP Cookies
    This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.
  • AJAX Fingerprinting
    This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. In many XSS attacks the attacker must get a "hole in one" and successfully exploit the vulnerability on the victim side the first time, once the client is redirected the attacker has many chances to engage in follow on probes, but there is only one first chance. In a widely used web application this is not a major problem because 1 in a 1,000 is good enough in a widely used application. A common first step for an attacker is to footprint the environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on.
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 26119
confirm http://drupal.org/node/184315
fedora FEDORA-2007-2649
secunia
  • 27292
  • 27352
vupen ADV-2007-3546
xf drupal-unspecified-response-splitting(37264)
Last major update 26-10-2018 - 14:13
Published 19-10-2007 - 23:17
Last modified 26-10-2018 - 14:13
Back to Top