------------SA-2007-024 - DRUPAL CORE - HTTP RESPONSE SPLITTING ------------
* Advisory ID: DRUPAL-SA-2007-024
* Project: Drupal core
* Version: 4.7.x, 5.x
* Date: 2007-October-17
* Security risk: Moderately critical
* Exploitable from: Remote
* Vulnerability: HTTP response splitting
------------DESCRIPTION------------
In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of issues, among them cache poisoning, cross-user defacement and injection of arbitrary code.
------------VERSIONS AFFECTED------------
* Drupal 4.7.x before version 4.7.8.
* Drupal 5.x before version 5.3.
------------SOLUTION------------
Install the latest version:
* If you are running Drupal 4.7.x then upgrade to Drupal 4.7.8 [
http://ftp.drupal.org/files/projects/dr ... 7.8.tar.gz ].
* If you are running Drupal 5.x then upgrade to Drupal 5.3 [
http://ftp.drupal.org/files/projects/drupal-5.3.tar.gz ].
If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade.
* To patch Drupal 4.7.7 use SA-2007-024-4.7.7.patch [
http://drupal.org/files/sa-2007-024/SA- ... .7.7.patch ].
* To patch Drupal 5.2 use SA-2007-024-5.2.patch [
http://drupal.org/files/sa-2007-024/SA- ... -5.2.patch ].
------------REPORTED BY------------
The Drupal security team.
------------CONTACT------------
The security contact for Drupal can be reached at security at drupal.org or via the form at [
http://drupal.org/contact ].