Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2007-5595

CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Related bugs and status

CVE-2007-5595 (Candidate) is related to these bugs:

Bug #154811: [SA-2007-{24,25,26,29,30}] Fix for several security issues in drupal 5.2

Summary				In	Importance	Status
	154811	[SA-2007-{24,25,26,29,30}] Fix for several security issues in drupal 5.2		drupal5 (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://drupal.org/node...
SECUNIA: 27292
FEDORA: FEDORA-2007-2649
BID: 26119
SECUNIA: 27352
VUPEN: ADV-2007-3546
XF: drupal-unspecified-res...