Computer Security
[EN] securityvulns.ru no-pyccku


PHP mail() function invalid characters processing
Published:29.03.2007
Source:
SecurityVulns ID:7491
Type:library
Threat Level:
5/10
Description:Unfiltered \r\n and \0 characters allows strings injection and header truncation.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.)
 CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.)
Original documentdocumentPHP-SECURITY, MOPB-34-2007:PHP mail() Header Injection Through Subject and To Parameters (29.03.2007)
 documentPHP-SECURITY, MOPB-33-2007:PHP mail() Message ASCIIZ Byte Truncation (29.03.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod