• Advisory ID: DRUPAL-SA-2007-024
• Project: Drupal core
• Version: 4.7.x, 5.x
• Date: 2007-October-17
• Security risk: Moderately critical
• Exploitable from: Remote
• Vulnerability: HTTP response splitting

Description

In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of issues, among them cache poisoning, cross-user defacement and injection of arbitrary code.

Versions affected

• Drupal 4.7.x before version 4.7.8.
• Drupal 5.x before version 5.3.

Solution

Install the latest version:

• If you are running Drupal 4.7.x then upgrade to Drupal 4.7.8.
• If you are running Drupal 5.x then upgrade to Drupal 5.3.

If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade.

• To patch Drupal 4.7.7 use SA-2007-024-4.7.7.patch.
• To patch Drupal 5.2 use SA-2007-024-5.2.patch.

Reported by

The Drupal security team.

Contact

The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.