CVE-2007-5595

MEDIUM Year: 2007
CVSS v2 Score
5.1
Medium
Weakness Type
CWE-113
View all →

Vulnerability Description

CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Related Vulnerabilities

CVE-2019-25101

CRITICAL
CVSS:9.8(Critical)

A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The mani...

CWE-1132019

CVE-2024-54021

CRITICAL
CVSS:9.8(Critical)

An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized...

CWE-1132024

CVE-2018-0689

HIGH
CVSS:8.8(High)

HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA ...

CWE-1132018

CVE-2018-11347

HIGH
CVSS:8.8(High)

The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Head...

CWE-1132018

CVE-2018-13814

HIGH
CVSS:8.8(High)

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F...

CWE-1132018

CVE-2021-40336

HIGH
CVSS:8.8(High)

A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an atta...

CWE-1132021