CVE
- Id: 25075
- CVE No.: CVE-2007-1718
- Status: Candidate
- Description: CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a " " sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.
- Phase: Assigned (20070327)
- Votes: None (candidate not yet proposed)
- Comments:
Related CVE References
| Id | CVE Id | CVE No. | Reference |
|---|---|---|---|
| 249465 | 25075 | CVE-2007-1718 | MISC:http://www.php-security.org/MOPB/MOPB-34-2007.html |
| 249466 | 25075 | CVE-2007-1718 | CONFIRM:http://us2.php.net/releases/5_2_2.php |
| 249467 | 25075 | CVE-2007-1718 | DEBIAN:DSA-1282 |
| 249468 | 25075 | CVE-2007-1718 | URL:http://www.debian.org/security/2007/dsa-1282 |
| 249469 | 25075 | CVE-2007-1718 | DEBIAN:DSA-1283 |
| 249470 | 25075 | CVE-2007-1718 | URL:http://www.debian.org/security/2007/dsa-1283 |
| 249471 | 25075 | CVE-2007-1718 | GENTOO:GLSA-200705-19 |
| 249472 | 25075 | CVE-2007-1718 | URL:http://security.gentoo.org/glsa/glsa-200705-19.xml |
| 249473 | 25075 | CVE-2007-1718 | MANDRIVA:MDKSA-2007:087 |
| 249474 | 25075 | CVE-2007-1718 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:087 |
| 249475 | 25075 | CVE-2007-1718 | MANDRIVA:MDKSA-2007:088 |
| 249476 | 25075 | CVE-2007-1718 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:088 |
| 249477 | 25075 | CVE-2007-1718 | MANDRIVA:MDKSA-2007:089 |
| 249478 | 25075 | CVE-2007-1718 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:089 |
| 249479 | 25075 | CVE-2007-1718 | MANDRIVA:MDKSA-2007:090 |
| 249480 | 25075 | CVE-2007-1718 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:090 |
| 249481 | 25075 | CVE-2007-1718 | REDHAT:RHSA-2007:0155 |
| 249482 | 25075 | CVE-2007-1718 | URL:http://rhn.redhat.com/errata/RHSA-2007-0155.html |
| 249483 | 25075 | CVE-2007-1718 | REDHAT:RHSA-2007:0153 |
| 249484 | 25075 | CVE-2007-1718 | URL:http://www.redhat.com/support/errata/RHSA-2007-0153.html |
| 249485 | 25075 | CVE-2007-1718 | REDHAT:RHSA-2007:0162 |
| 249486 | 25075 | CVE-2007-1718 | URL:http://www.redhat.com/support/errata/RHSA-2007-0162.html |
| 249487 | 25075 | CVE-2007-1718 | SUSE:SUSE-SA:2007:032 |
| 249488 | 25075 | CVE-2007-1718 | URL:http://www.novell.com/linux/security/advisories/2007_32_php.html |
| 249489 | 25075 | CVE-2007-1718 | UBUNTU:USN-455-1 |
| 249490 | 25075 | CVE-2007-1718 | URL:http://www.ubuntu.com/usn/usn-455-1 |
| 249491 | 25075 | CVE-2007-1718 | BID:23145 |
| 249492 | 25075 | CVE-2007-1718 | URL:http://www.securityfocus.com/bid/23145 |
| 249493 | 25075 | CVE-2007-1718 | OVAL:oval:org.mitre.oval:def:10951 |
| 249494 | 25075 | CVE-2007-1718 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10951 |
| 249495 | 25075 | CVE-2007-1718 | SECTRACK:1017946 |
| 249496 | 25075 | CVE-2007-1718 | URL:http://www.securitytracker.com/id?1017946 |
| 249497 | 25075 | CVE-2007-1718 | SECUNIA:24924 |
| 249498 | 25075 | CVE-2007-1718 | URL:http://secunia.com/advisories/24924 |
| 249499 | 25075 | CVE-2007-1718 | SECUNIA:24965 |
| 249500 | 25075 | CVE-2007-1718 | URL:http://secunia.com/advisories/24965 |
| 249501 | 25075 | CVE-2007-1718 | SECUNIA:25025 |
| 249502 | 25075 | CVE-2007-1718 | URL:http://secunia.com/advisories/25025 |
| 249503 | 25075 | CVE-2007-1718 | SECUNIA:25062 |
| 249504 | 25075 | CVE-2007-1718 | URL:http://secunia.com/advisories/25062 |
| 249505 | 25075 | CVE-2007-1718 | SECUNIA:25057 |
| 249506 | 25075 | CVE-2007-1718 | URL:http://secunia.com/advisories/25057 |
| 249507 | 25075 | CVE-2007-1718 | SECUNIA:24909 |
| 249508 | 25075 | CVE-2007-1718 | URL:http://secunia.com/advisories/24909 |
| 249509 | 25075 | CVE-2007-1718 | SECUNIA:25056 |
| 249510 | 25075 | CVE-2007-1718 | URL:http://secunia.com/advisories/25056 |
| 249511 | 25075 | CVE-2007-1718 | SECUNIA:25445 |
| 249512 | 25075 | CVE-2007-1718 | URL:http://secunia.com/advisories/25445 |
| 249513 | 25075 | CVE-2007-1718 | XF:php-mailfunction-header-injection(33516) |
Related JVN
| Id | JVN No. | Title | Summary | CVE No. | CVE Id | CVSS_v2 | CVSS_v3 | JVN URL |
|---|---|---|---|---|---|---|---|---|
| 56627 | JVNDB-2007-005319 | Directory traversal vulnerability in the Addressbook module for PHP-Nuke | addressbook.php in the Addressbook module for PHP-Nuke contains a directory traversal vulnerability. | CVE-2007-1720 | 25075 | 7.5 | | http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005319.html |