Vulnerability Details CVE-2007-5595
CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.3%
CVSS Severity
CVSS v2 Score 5.1
References
- http://drupal.org/node/184315
- http://secunia.com/advisories/27292
- http://secunia.com/advisories/27352
- http://www.securityfocus.com/bid/26119
- http://www.vupen.com/english/advisories/2007/3546
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37264
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00328.html
- http://drupal.org/node/184315
- http://secunia.com/advisories/27292
- http://secunia.com/advisories/27352
- http://www.securityfocus.com/bid/26119
- http://www.vupen.com/english/advisories/2007/3546
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37264
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00328.html
Products affected by CVE-2007-5595
-
cpe:2.3:a:drupal:drupal:4.7.0
-
cpe:2.3:a:drupal:drupal:4.7.1
-
cpe:2.3:a:drupal:drupal:4.7.2
-
cpe:2.3:a:drupal:drupal:4.7.3
-
cpe:2.3:a:drupal:drupal:4.7.4
-
cpe:2.3:a:drupal:drupal:4.7.5
-
cpe:2.3:a:drupal:drupal:4.7.6
-
cpe:2.3:a:drupal:drupal:4.7.7
-
cpe:2.3:a:drupal:drupal:5.0
-
cpe:2.3:a:drupal:drupal:5.1
-
cpe:2.3:a:drupal:drupal:5.2