CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x prior to 6.38, when used with PHP prior to 5.1.2, allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 8.0 |
||
debian debian linux 7.0 |
||
drupal drupal 6.31 |
||
drupal drupal 6.30 |
||
drupal drupal 6.3 |
||
drupal drupal 6.29 |
||
drupal drupal 6.28 |
||
drupal drupal 6.16 |
||
drupal drupal 6.15 |
||
drupal drupal 6.14 |
||
drupal drupal 6.13 |
||
drupal drupal 6.0 |
||
drupal drupal 6.6 |
||
drupal drupal 6.5 |
||
drupal drupal 6.4 |
||
drupal drupal 6.36 |
||
drupal drupal 6.23 |
||
drupal drupal 6.22 |
||
drupal drupal 6.21 |
||
drupal drupal 6.20 |
||
drupal drupal 6.9 |
||
drupal drupal 6.7 |
||
drupal drupal 6.35 |
||
drupal drupal 6.33 |
||
drupal drupal 6.27 |
||
drupal drupal 6.25 |
||
drupal drupal 6.19 |
||
drupal drupal 6.17 |
||
drupal drupal 6.12 |
||
drupal drupal 6.10 |
||
drupal drupal 6.37 |
||
drupal drupal 6.8 |
||
drupal drupal 6.34 |
||
drupal drupal 6.32 |
||
drupal drupal 6.26 |
||
drupal drupal 6.24 |
||
drupal drupal 6.2 |
||
drupal drupal 6.18 |
||
drupal drupal 6.11 |
||
drupal drupal 6.1 |