HTTP response splitting in Drupal - #VU557
Published: September 20, 2016
Vulnerability identifier: #VU557
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-113
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Detailed vulnerability description
The vulnerability allows a remote attacker to perform an HTTP response splitting attack.
The weakness exists because user-supplied data is written into HTTP response headers without being checked for carriage return and line feed characters (CWE-113). By injecting a CR/LF sequence, an attacker can terminate the intended header and append headers of their choosing, or an entire second response, to the output sent by the server.
Successful exploitation may result in web cache poisoning, cross-user defacement and injection of arbitrary HTML or script into responses served to other users.
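The mechanism described above, as an added example that is not Drupal's code (Drupal is written in PHP; this is a stand-alone Python illustration): a redirect handler that copies a user-controlled target into the Location header, the split this permits, and a hardened version that rejects header values containing CR, LF or NUL. The payload, function names and the redirect path are constructed for illustration and do not come from the advisory.

```python
import re

CRLF = "\r\n"

# Constructed attacker input for a redirect parameter. A web server has
# already decoded %0d%0a into raw CR/LF bytes before application code
# sees the value, so the string below is what the handler receives.
SPLIT_PAYLOAD = (
    "http://example.invalid/"
    + CRLF + "Content-Length: 0"
    + CRLF + CRLF
    + "HTTP/1.1 200 OK"
    + CRLF + "Content-Type: text/html"
    + CRLF + "Content-Length: 25"
    + CRLF + CRLF
    + "<script>alert(1)</script>"   # 25 bytes, matching the header above
)


def vulnerable_redirect(target: str) -> str:
    """CWE-113 pattern: a user-controlled value is copied verbatim into a
    response header. Returns the raw HTTP/1.1 response text."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + target + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )


STATUS_LINE = re.compile(r"^HTTP/1\.[01] \d{3} ", re.MULTILINE)


def count_responses(raw: str) -> int:
    """Number of status lines a naive proxy or shared cache would find in
    'raw'. Anything above 1 means the response was split."""
    return len(STATUS_LINE.findall(raw))


def safe_header_value(value: str) -> str:
    """Reject any header value that could terminate a header line.
    Rejecting is preferable to stripping: a request carrying CR/LF in a
    header-bound parameter is an attack signal, and stripping can turn the
    payload into something else that is still unexpected."""
    if re.search(r"[\r\n\x00]", value):
        raise ValueError("header value contains CR, LF or NUL")
    return value


def hardened_redirect(target: str) -> str:
    """Same handler with the header value validated before use."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + safe_header_value(target) + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )


if __name__ == "__main__":
    print(count_responses(vulnerable_redirect("/user/login")))   # 1
    print(count_responses(vulnerable_redirect(SPLIT_PAYLOAD)))   # 2
    try:
        hardened_redirect(SPLIT_PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```

The second response in the split output is what a shared cache may store under the attacker-chosen URL (cache poisoning) or what another user sharing the connection receives (cross-user defacement). When auditing a PHP application for this class of bug, remember that PHP's own header() has refused values containing newlines since 5.1.2, so the code paths to check are those that emit headers through other means or that build them before a framework wrapper validates them.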
Remediation
Update 4.7.x to 4.7.8.
http://ftp.drupal.org/files/projects/drupal-4.7.8.tar.gz
Update 5.x to 5.3.
http://ftp.drupal.org/files/projects/drupal-5.3.tar.gz