CVE - CVE-2007-1718

CVE-ID
CVE-2007-1718	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:23145 URL:http://www.securityfocus.com/bid/23145 CONFIRM:http://us2.php.net/releases/5_2_2.php DEBIAN:DSA-1282 URL:http://www.debian.org/security/2007/dsa-1282 DEBIAN:DSA-1283 URL:http://www.debian.org/security/2007/dsa-1283 GENTOO:GLSA-200705-19 URL:http://security.gentoo.org/glsa/glsa-200705-19.xml MANDRIVA:MDKSA-2007:087 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:087~~ (Obsolete source) MANDRIVA:MDKSA-2007:088 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:088~~ (Obsolete source) MANDRIVA:MDKSA-2007:089 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:089~~ (Obsolete source) MANDRIVA:MDKSA-2007:090 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:090~~ (Obsolete source) MISC:http://www.php-security.org/MOPB/MOPB-34-2007.html OVAL:oval:org.mitre.oval:def:10951 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10951 REDHAT:RHSA-2007:0153 URL:http://www.redhat.com/support/errata/RHSA-2007-0153.html REDHAT:RHSA-2007:0155 URL:http://rhn.redhat.com/errata/RHSA-2007-0155.html REDHAT:RHSA-2007:0162 URL:http://www.redhat.com/support/errata/RHSA-2007-0162.html SECTRACK:1017946 URL:http://www.securitytracker.com/id?1017946 SECUNIA:24909 URL:http://secunia.com/advisories/24909 SECUNIA:24924 URL:http://secunia.com/advisories/24924 SECUNIA:24965 URL:http://secunia.com/advisories/24965 SECUNIA:25025 URL:http://secunia.com/advisories/25025 SECUNIA:25056 URL:http://secunia.com/advisories/25056 SECUNIA:25057 URL:http://secunia.com/advisories/25057 SECUNIA:25062 URL:http://secunia.com/advisories/25062 SECUNIA:25445 URL:http://secunia.com/advisories/25445 SUSE:SUSE-SA:2007:032 URL:http://www.novell.com/linux/security/advisories/2007_32_php.html UBUNTU:USN-455-1 URL:http://www.ubuntu.com/usn/usn-455-1 XF:php-mailfunction-header-injection(33516) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/33516
Assigning CNA
MITRE Corporation
Date Record Created
20070327	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070327)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)