Lucene search

[email protected]CVE-2007-5595

HistoryOct 19, 2007 - 11:17 p.m.

CVE-2007-5595

2007-10-1923:17:00

CWE-113

[email protected]

web.nvd.nist.gov

crlf injection

drupal_goto

http headers

http response splitting

vulnerability

security

drupal

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.4%

JSON

CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Affected configurations

NVD

Node

drupaldrupalRange4.7.0–4.7.8

drupaldrupalRange5.0–5.3

CPENameOperatorVersion
drupal:drupaldrupallt4.7.8
drupal:drupaldrupallt5.3

CPE	Name	Operator	Version
drupal:drupal	drupal	lt	4.7.8
drupal:drupal	drupal	lt	5.3

References

drupal.org/node/184315

secunia.com/advisories/27292

secunia.com/advisories/27352

www.securityfocus.com/bid/26119

www.vupen.com/english/advisories/2007/3546

exchange.xforce.ibmcloud.com/vulnerabilities/37264

www.redhat.com/archives/fedora-package-announce/2007-October/msg00328.html

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.4%

JSON

Related for CVE-2007-5595

cvelist1 ubuntucve1 nvd1 prion1 openvas4 fedora1 nessus2 freebsd1