[Php-it] [Fwd: [Security announcements] SA-2007-024 - Drupal Core - HTTP response splitting]

michel michel at ziobudda.net
Thu Oct 18 00:27:07 CEST 2007



-------- Original Message --------
Subject: 	[Security announcements] SA-2007-024 - Drupal Core - HTTP 
response splitting
Date: 	Wed, 17 Oct 2007 22:22:28 +0000 (UTC)
From: 	noreply at drupal.org
Reply-To: 	noreply at drupal.org
To: 	michel at ziobudda.net



------------SA-2007-024 - DRUPAL CORE - HTTP RESPONSE SPLITTING ------------

 * Advisory ID: DRUPAL-SA-2007-024

 * Project: Drupal core

 * Version: 4.7.x, 5.x

 * Date: 2007-October-17

 * Security risk: Moderately critical

 * Exploitable from: Remote

 * Vulnerability: HTTP response splitting

------------DESCRIPTION------------

In some circumstances Drupal allows user-supplied data to become part of
response headers. As this user-supplied data is not always properly escaped,
this can be exploited by malicious users to execute HTTP response splitting
attacks which may lead to a variety of issues, among them cache poisoning,
cross-user defacement and injection of arbitrary code.

------------VERSIONS AFFECTED------------

 * Drupal 4.7.x before version 4.7.8.

 * Drupal 5.x before version 5.3.

------------SOLUTION------------

Install the latest version:

 * If you are running Drupal 4.7.x then upgrade to Drupal 4.7.8 [
http://ftp.drupal.org/files/projects/drupal-4.7.8.tar.gz ].

 * If you are running Drupal 5.x then upgrade to Drupal 5.3 [
http://ftp.drupal.org/files/projects/drupal-5.3.tar.gz ].

If you are unable to upgrade immediately, you can apply a patch to secure your
installation until you are able to do a proper upgrade. 

 * To patch Drupal 4.7.7 use SA-2007-024-4.7.7.patch [
http://drupal.org/files/sa-2007-024/SA-2007-024-4.7.7.patch ].

 * To patch Drupal 5.2 use SA-2007-024-5.2.patch [
http://drupal.org/files/sa-2007-024/SA-2007-024-5.2.patch ].

------------REPORTED BY------------

The Drupal security team.

------------CONTACT------------

The security contact for Drupal can be reached at security at drupal.org or via
the form at [ http://drupal.org/contact ].



-- 
Unsubscribe from this newsletter: http://drupal.org/newsletter/confirm/remove/281d325ae79919t44


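The advisory describes the bug class but not the mechanism. The following is an added example written for this page; it is not Drupal code and not the patched function from SA-2007-024. It models the pattern the advisory names (a redirect handler that copies a user-controlled `destination` query parameter into a Location header), parses the resulting byte stream the way a simple HTTP/1.1 client or shared cache would, and shows that one CR LF CR LF inside the parameter turns the tail of the header into a second, attacker-authored response. All function names, the `destination` parameter and the attacker string are constructed for the illustration.

```python
"""HTTP response splitting, shown end to end with an added example.

This is illustrative code written for this page, not Drupal's own code and not
the patched function from SA-2007-024. It models the pattern the advisory
describes: a redirect handler copies a user-controlled query parameter into a
response header without rejecting CR/LF, so the client (or a shared cache
in front of the site) sees two responses where the server meant to send one.
"""
from urllib.parse import unquote

CRLF = "\r\n"


def is_safe_header_value(value: str) -> bool:
    """A header value may never contain a bare CR or LF: those bytes are
    what terminates a header line and, doubled, the whole header block."""
    return "\r" not in value and "\n" not in value


def vulnerable_redirect(destination: str) -> bytes:
    """Unsafe pattern: the raw destination goes straight into Location."""
    head = (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + destination + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )
    return head.encode("latin-1")


def hardened_redirect(destination: str) -> bytes:
    """Same redirect, but CR/LF in the value is treated as an attack and
    refused outright rather than silently stripped (stripping hides probes
    from logs and is bypassed by any encoding the stripper does not know)."""
    if not is_safe_header_value(destination):
        raise ValueError("CR/LF in redirect target: header injection refused")
    return vulnerable_redirect(destination)


def split_responses(stream: bytes) -> list:
    """Parse a byte stream the way a simple HTTP/1.1 client or cache does:
    status line, header block, then Content-Length bytes of body, repeated.
    Returns one dict per response found. This framing is exactly what lets
    an injected CRLF CRLF turn the rest of the header into a second response."""
    responses = []
    pos = 0
    while pos < len(stream):
        sep = stream.find(b"\r\n\r\n", pos)
        if sep < 0:
            break
        lines = stream[pos:sep].decode("latin-1").split(CRLF)
        status = lines[0]
        if not status.startswith("HTTP/"):
            break  # trailing bytes that are not a response; stop here
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = sep + 4
        responses.append({
            "status": status,
            "headers": headers,
            "body": stream[body_start:body_start + length],
        })
        pos = body_start + length
    return responses


# Constructed attacker input (built for this example, not a captured exploit):
# a plausible path, then URL-encoded CR LF pairs that close the 302 early and
# supply a complete second response with an attacker-chosen body.
EVIL_BODY = "<html>defaced</html>"
ATTACKER_DESTINATION = unquote(
    "/node/1%0D%0AContent-Length:%200%0D%0A%0D%0A"
    "HTTP/1.1%20200%20OK%0D%0AContent-Type:%20text/html%0D%0A"
    "Content-Length:%20" + str(len(EVIL_BODY)) + "%0D%0A%0D%0A" + EVIL_BODY
)


if __name__ == "__main__":
    # Vulnerable handler: the parser finds two responses, the second one
    # attacker-controlled. A cache in front of the site may store that second
    # response under whatever URL it is asked for next (cache poisoning), and a
    # browser renders its body in the site's origin (cross-user defacement).
    for resp in split_responses(vulnerable_redirect(ATTACKER_DESTINATION)):
        print(resp["status"], resp["headers"], resp["body"])
    try:
        hardened_redirect(ATTACKER_DESTINATION)
    except ValueError as exc:
        print("hardened handler:", exc)
```

The check in `is_safe_header_value` is deliberately a rejection, not a cleanup: the only legitimate reason for a CR or LF in a redirect target is an attack, so the request should fail and be logged. PHP's own `header()` has refused values containing a newline since 5.1.2, but a site cannot rely on that alone: Drupal 4.7 and 5 still ran on older interpreters, and any code path that writes headers through another route (or builds the whole response itself) needs the same check at the point where user data meets the header.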