Vulnerability Name: CVE-2007-1900 (CCN-33510)
Assigned: 2007-04-07
Published: 2007-04-07
Updated: 2017-10-11
Summary: CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
    3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
    3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
    Source: MITRE Type: CNA CVE-2007-1900
    Source: CCN Type: HP Security Bulletin HPSBUX02262 SSRT071447 HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)
    Source: HP Type: UNKNOWN SSRT071447
    Source: CCN Type: SA24824 PHP "FILTER_VALIDATE_EMAIL" Filter Newline Injection
    Source: SECUNIA Type: Vendor Advisory 24824
    Source: SECUNIA Type: UNKNOWN 25056
    Source: SECUNIA Type: UNKNOWN 25057
    Source: SECUNIA Type: UNKNOWN 25062
    Source: SECUNIA Type: UNKNOWN 25445
    Source: SECUNIA Type: UNKNOWN 25535
    Source: SECUNIA Type: UNKNOWN 26231
    Source: SECUNIA Type: UNKNOWN 27037
    Source: SECUNIA Type: UNKNOWN 27102
    Source: SECUNIA Type: UNKNOWN 27110
    Source: GENTOO Type: UNKNOWN GLSA-200705-19
    Source: SLACKWARE Type: UNKNOWN SSA:2007-152-01
    Source: CCN Type: ASA-2007-416 HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) (HPSBUX02262)
    Source: DEBIAN Type: UNKNOWN DSA-1283
    Source: DEBIAN Type: DSA-1283 php5 -- several vulnerabilities
    Source: CCN Type: GLSA-200705-19 PHP: Multiple vulnerabilities
    Source: CCN Type: GLSA-200710-02 PHP: Multiple vulnerabilities
    Source: GENTOO Type: UNKNOWN GLSA-200710-02
    Source: SUSE Type: UNKNOWN SUSE-SA:2007:032
    Source: OSVDB Type: UNKNOWN 33962
    Source: CCN Type: OSVDB ID: 33962 PHP ext/filter FILTER_VALIDATE_EMAIL Newline Injection
    Source: CCN Type: PMOPB-45-2007 PHP ext/filter Email Validation Vulnerability
    Source: MISC Type: Vendor Advisory http://www.php-security.org/MOPB/PMOPB-45-2007.html
    Source: CCN Type: PHP Web site PHP 5.2.3 Release Announcement
    Source: CONFIRM Type: UNKNOWN http://www.php.net/releases/5_2_3.php
    Source: BID Type: UNKNOWN 23359
    Source: CCN Type: BID-23359 PHP Filter_Var FILTER_VALIDATE_EMAIL Newline Injection Vulnerability
    Source: TRUSTIX Type: UNKNOWN 2007-0023
    Source: CCN Type: USN-455-1 PHP vulnerabilities
    Source: UBUNTU Type: UNKNOWN USN-455-1
    Source: VUPEN Type: UNKNOWN ADV-2007-2016
    Source: VUPEN Type: UNKNOWN ADV-2007-3386
    Source: XF Type: UNKNOWN php-filtervalidateemail-header-injection(33510)
    Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:6067
    Source: FEDORA Type: UNKNOWN FEDORA-2007-2215
    Source: SUSE Type: SUSE-SA:2007:032 PHP security problems