Vulnerability Name: CVE-2002-1783 (CCN-10080)
Assigned: 2002-09-09
Published: 2002-09-09
Updated: 2017-07-11
Summary: CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
Source: CCN Type: BugTraq Mailing List, Mon May 06 2002 - 17:12:10 CDT CRLF Injection
Source: BUGTRAQ Type: Vendor Advisory 20020909 PHP fopen() CRLF Injection
Source: CCN Type: BugTraq Mailing List, Mon Sep 09 2002 - 16:23:01 CDT PHP fopen() CRLF Injection
Source: BUGTRAQ Type: Patch 20020912 Re: PHP fopen() CRLF Injection
Source: CCN Type: BugTraq Mailing List, Thu Sep 12 2002 - 11:32:36 CDT Re: PHP fopen() CRLF Injection
Source: MITRE Type: CNA CVE-2002-1783
Source: DEBIAN Type: Patch, Vendor Advisory DSA-168
Source: DEBIAN Type: DSA-168 php -- bypassing safe_mode
Source: CCN Type: OSVDB ID: 59760 PHP fopen / file Functions CRLF Injection
Source: CCN Type: PHP Group Web site PHP: Hypertext Preprocessor
Source: BID Type: Patch 5681
Source: CCN Type: BID-5681 PHP Function CRLF Injection Vulnerability
Source: XF Type: UNKNOWN php-fopen-crlf-injection(10080)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: