CVE-2002-0986
6.5 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.028 Low
EPSS
Percentile
90.5%
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a “spam proxy.”
References
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545
marc.info/?l=bugtraq&m=103011916928204&w=2
marc.info/?l=bugtraq&m=105760591228031&w=2
www.debian.org/security/2002/dsa-168
www.kb.cert.org/vuls/id/410609
www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082
www.novell.com/linux/security/advisories/2002_036_modphp4.html
www.osvdb.org/2160
www.redhat.com/support/errata/RHSA-2002-213.html
www.redhat.com/support/errata/RHSA-2002-214.html
www.redhat.com/support/errata/RHSA-2002-243.html
www.redhat.com/support/errata/RHSA-2002-244.html
www.redhat.com/support/errata/RHSA-2002-248.html
www.redhat.com/support/errata/RHSA-2003-159.html
www.securityfocus.com/bid/5562
exchange.xforce.ibmcloud.com/vulnerabilities/9959
Related
6.5 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.028 Low
EPSS
Percentile
90.5%