SA-2007-024 (17 October 2007) HTTP response splitting

Primary links

Advisory ID: DRUPAL-SA-2007-024
Project: Drupal core
Version: 4.6.x, 4.7.x, 5.x
Date: 2007-October-17
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: HTTP response splitting

In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of issues, among them cache poisoning, cross-user defacement and injection of arbitrary code.

The official announcement for Drupal 4.7.x and 5.x is here, and the official patch for Drupal 4.7.x is here.

Considerations for Drupal 4.6

The same exploit is possible via the function drupal_goto(), and therefore Drupal 4.6 must be patched against this vulnerability, using the same approach as the official 4.7 patch.

SA-2007-024-4.6.patch

Featured Project

The Pulitzer Prizes
The Pulitzer Prizes, awarded annually since 1917, are regarded among the highest honors in U.S. print journalism, literary achievement and musical composition. The Openflows Community Technology Lab has recently finished a re-implementation of their 15-year-old website using Drupal on a Linux, Apache, and MySQL platform, using free software to make their existing data more accessible, and to allow for continued expansion of the website's features and content.

Our Clients are The Bottom Line

One of the key things that makes OCTL different from many other Free Software/Open Source consulting groups is that we have no investors. We built the company based on labor and the needs of our clients.

At the end of the day, our decisions are not based on what is in the best interests of share holders, but on the commitments and relationships we have with the companies and organizations we work with.