SA-2007-024 - Drupal Core - HTTP response splitting

2007-10-17T00:00:00
ID DRUPAL-SA-2007-024
Type drupal
Reporter Drupal Security Team
Modified 2007-10-17T00:00:00

Description

In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of issues, among them cache poisoning, cross-user defacement and injection of arbitrary code.

Versions affected

  • Drupal 4.7.x before version 4.7.8.
  • Drupal 5.x before version 5.3.

Solution

Install the latest version:

  • If you are running Drupal 4.7.x then upgrade to Drupal 4.7.8.
  • If you are running Drupal 5.x then upgrade to Drupal 5.3.

If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade.

Reported by

The Drupal security team.