| Vulnerability Name: | CVE-2002-2214 (CCN-29881) |
| Assigned: | 2002-06-27 |
| Published: | 2002-06-27 |
| Updated: | 2008-09-05 |
| Summary: | The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header.
|
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Low |
|
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial |
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial |
|
| Vulnerability Type: | CWE-Other
|
| Vulnerability Consequences: | Denial of Service |
| References: | Source: CCN
Type: PHP Bug #15595
imap routines hang when "To" header is too large
Source: CONFIRM
Type: Exploit
http://bugs.php.net/bug.php?id=15595
Source: MITRE
Type: CNA
CVE-2002-2214
Source: CCN
Type: RHSA-2006-0567
php security update
Source: SECUNIA
Type: UNKNOWN
21202
Source: CCN
Type: PHP Web site
PHP
Source: REDHAT
Type: UNKNOWN
RHSA-2006:0567
Source: CCN
Type: Red Hat Bugzilla Bug 175040
CVE-2002-2214 PHP segfault imap_fetch_overview() (CVE-2002-2215, CVE-2003-1302, CVE-2003-1303). Also - Multiple PHP vulnerabilities (CVE-2005-2933 CVE-2005-3883 CVE-2006-0208 CVE-2006-0996 CVE-2006-1490 CVE-2006-1990)
Source: CONFIRM
Type: Patch
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040
Source: XF
Type: UNKNOWN
php-imapmimeheaderdecode-dos(29881)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:php:php:4.2:*:dev:*:*:*:*:*OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:php:php:4.0.5:-:*:*:*:*:*:*OR cpe:/a:php:php:4.1.1:*:*:*:*:*:*:*OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*OR cpe:/a:php:php:4.0:-:*:*:*:*:*:*OR cpe:/a:php:php:4.0.1:-:*:*:*:*:*:*OR cpe:/a:php:php:4.0.2:*:*:*:*:*:*:*OR cpe:/a:php:php:4.0.3:*:*:*:*:*:*:*OR cpe:/a:php:php:4.0.4:-:*:*:*:*:*:*OR cpe:/a:php:php:4.0.6:-:*:*:*:*:*:*OR cpe:/a:php:php:4.0.7:-:*:*:*:*:*:*OR cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*OR cpe:/a:php:php:4.0:beta2:*:*:*:*:*:*OR cpe:/a:php:php:4.0:beta3:*:*:*:*:*:*OR cpe:/a:php:php:4.0:beta4:*:*:*:*:*:*OR cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*OR cpe:/a:php:php:4.1.2:*:*:*:*:*:*:*OR cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*OR cpe:/a:php:php:4.0:rc1:*:*:*:*:*:*OR cpe:/a:php:php:4.0:rc2:*:*:*:*:*:*AND cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |