Description

CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.

Remediation

References

CVE-2016-3166

Related Vulnerabilities

Squid Out-of-bounds Write Vulnerability (CVE-2019-12519)

WordPress Plugin Survey Maker-Best WordPress Survey Cross-Site Scripting (2.0.6)

Apache HTTP Server Improper Locking Vulnerability (CVE-2004-0174)

MySQL CVE-2021-2122 Vulnerability (CVE-2021-2122)

WordPress Plugin Active Directory Integration/LDAP Integration Unspecified Vulnerability (3.7.6)

Severity

Medium

Classification

CVE-2016-3166 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities