ID CVE-2015-8476 Type cve Reporter NVD Modified 2016-12-05T22:03:57
Description
Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796.
{"title": "CVE-2015-8476", "reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "published": "2015-12-16T16:59:05", "cvelist": ["CVE-2015-8476"], "viewCount": 3, "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8476", "bulletinFamily": "NVD", "hashmap": [{"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3573d458e691d8373b44e7743cffc7d5", "key": "cpe"}, {"hash": "cecc62d1326abc4497d0150bd443b31f", "key": "cvelist"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "f5a9af96ee143bebf7559e34d0ba5211", "key": "description"}, {"hash": "7a2db9385a0820d13ebac197d45a422b", "key": "href"}, {"hash": "72c00754fbd975d97a6333f6922840b4", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "98e3fc5fa6a3d38797156c17d29beeaa", "key": "published"}, {"hash": "5a23dfdcbb1bda27de823ceb56479d0d", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "6ae7690675555a8da346c19d4cc62287", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}], "history": [{"bulletin": {"reporter": "NVD", "published": "2015-12-16T16:59:05", "cvelist": ["CVE-2015-8476"], "title": "CVE-2015-8476", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8476", "bulletinFamily": "NVD", "id": "CVE-2015-8476", "history": [], "scanner": [], "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:phpmailer_project:phpmailer:5.2.13", "cpe:/o:debian:debian_linux:7.0"], "modified": "2015-12-17T12:25:25", "hash": "d709b9ff5f710df5e50aeb8727256baedba896a988a7b39b1c1927857c2f66a0", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "viewCount": 1, "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "references": ["http://www.debian.org/security/2015/dsa-3416", "https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0", "http://www.openwall.com/lists/oss-security/2015/12/05/1", "http://www.openwall.com/lists/oss-security/2015/12/04/5", "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.14", "http://www.securityfocus.com/bid/78619"], "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6ae7690675555a8da346c19d4cc62287", "key": "title"}, {"hash": "463ff0c0e92fb088e450ef5d33d84ade", "key": "references"}, {"hash": "3573d458e691d8373b44e7743cffc7d5", "key": "cpe"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "98e3fc5fa6a3d38797156c17d29beeaa", "key": "published"}, {"hash": "7a2db9385a0820d13ebac197d45a422b", "key": "href"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a27d2f31a95286b09c23cc5ff2835938", "key": "modified"}, {"hash": "cecc62d1326abc4497d0150bd443b31f", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f5a9af96ee143bebf7559e34d0ba5211", "key": "description"}], "lastseen": "2016-09-03T23:25:20", "description": "Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796."}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T23:25:20"}], "scanner": [], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "modified": "2016-12-05T22:03:57", "hash": "e34864d8a07c9fa0bab80913fb613bfe85cf32c49527a64d341d8092aa720e7f", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:phpmailer_project:phpmailer:5.2.13", "cpe:/o:debian:debian_linux:7.0"], "edition": 2, "description": "Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796.", "references": ["http://www.debian.org/security/2015/dsa-3416", "https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0", "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177139.html", "http://www.openwall.com/lists/oss-security/2015/12/05/1", "http://www.openwall.com/lists/oss-security/2015/12/04/5", "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.14", "http://www.securityfocus.com/bid/78619", "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177130.html"], "id": "CVE-2015-8476", "lastseen": "2017-04-18T15:58:40", "assessment": {"name": "", "href": "", "system": ""}}
{"openvas": [{"lastseen": "2018-09-01T23:51:30", "references": ["http://www.debian.org/security/2015/dsa-3416.html"], "pluginID": "1361412562310703416", "description": "Takeshi Terada discovered a vulnerability\nin PHPMailer, a PHP library for email transfer, used by many CMSs. The library\naccepted email addresses and SMTP commands containing line breaks, which can be\nabused by an attacker to inject messages.", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-12-13T00:00:00", "title": "Debian Security Advisory DSA 3416-1 (libphp-phpmailer - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703416", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703416", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3416.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3416-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703416\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-8476\");\n script_name(\"Debian Security Advisory DSA 3416-1 (libphp-phpmailer - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-12-13 00:00:00 +0100 (Sun, 13 Dec 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3416.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libphp-phpmailer on Debian Linux\");\n script_tag(name: \"insight\", value: \"Many PHP developers utilize email in\ntheir code. The only PHP function that supports this is the mail() function.\nHowever, it does not expose any of the popular features that many email clients\nuse nowadays like HTML-based emails and attachments. There are two proprietary\ndevelopment tools out there that have all the functionality built into\neasy to use classes: AspEmail(tm) and AspMail. Both of these\nprograms are COM components only available on Windows.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution\n(wheezy), this problem has been fixed in version 5.1-1.1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.9+dfsg-2+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.2.14+dfsg-1.\n\nWe recommend that you upgrade your libphp-phpmailer packages.\");\n script_tag(name: \"summary\", value: \"Takeshi Terada discovered a vulnerability\nin PHPMailer, a PHP library for email transfer, used by many CMSs. The library\naccepted email addresses and SMTP commands containing line breaks, which can be\nabused by an attacker to inject messages.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libphp-phpmailer\", ver:\"5.1-1.1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp-phpmailer\", ver:\"5.2.9+dfsg-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:45:50", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177139.html", "2015-39522"], "pluginID": "1361412562310807263", "description": "Check the version of php-PHPMailer", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-02-12T00:00:00", "title": "Fedora Update for php-PHPMailer FEDORA-2015-39522", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310807263", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807263", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-PHPMailer FEDORA-2015-39522\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807263\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-12 06:14:58 +0100 (Fri, 12 Feb 2016)\");\n script_cve_id(\"CVE-2015-8476\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php-PHPMailer FEDORA-2015-39522\");\n script_tag(name: \"summary\", value: \"Check the version of php-PHPMailer\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"Full Featured Email Transfer Class for\n PHP. PHPMailer features:\n\n * Supports emails digitally signed with S/MIME encryption!\n * Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs\n * Works on any platform.\n * Supports Text & HTML emails.\n * Embedded image support.\n * Multipart/alternative emails for mail clients that do not read\n HTML email.\n * Flexible debugging.\n * Custom mail headers.\n * Redundant SMTP servers.\n * Support for 8bit, base64, binary, and quoted-printable encoding. \n * Word wrap.\n * Multiple fs, string, and binary attachments (those from database,\n string, etc).\n * SMTP authentication.\n * Tested on multiple SMTP servers: Sendmail, qmail, Postfix, Gmail,\n Imail, Exchange, etc.\n * Good documentation, many examples included in download.\n * It's swift, small, and simple.\");\n\n script_tag(name: \"affected\", value: \"php-PHPMailer on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2015-39522\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177139.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-PHPMailer\", rpm:\"php-PHPMailer~5.2.14~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-01T10:28:42", "references": ["https://advisories.mageia.org/MGASA-2015-0484.html"], "pluginID": "1361412562310131162", "description": "Mageia Linux Local Security Checks mgasa-2015-0484", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-12-28T00:00:00", "title": "Mageia Linux Local Check: mgasa-2015-0484", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mageia Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310131162", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131162", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0484.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131162\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-28 10:39:26 +0200 (Mon, 28 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0484\");\n script_tag(name:\"insight\", value:\"Updated php-phpmailer package fixes security vulnerability: Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack (CVE-2015-8476).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0484.html\");\n script_cve_id(\"CVE-2015-8476\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0484\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"php-phpmailer\", rpm:\"php-phpmailer~5.2.14~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-26T14:34:00", "references": ["https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md", "http://www.securityfocus.com/bid/78619"], "pluginID": "1361412562310108467", "description": "This host is running PHPMailer and is prone\n to a SMTP CRLF injection vulnerability.", "edition": 2, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-09-25T00:00:00", "title": "PHPMailer < 5.2.14 SMTP CRLF Injection Vulnerability", "type": "openvas", "enchantments": {"score": {"modified": "2018-10-26T14:34:00", "vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310108467", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108467", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmailer_smtp_crlf_inj.nasl 12116 2018-10-26 10:01:35Z mmartin $\n#\n# PHPMailer < 5.2.14 SMTP CRLF Injection Vulnerability\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmailer_project:phpmailer\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108467\");\n script_version(\"$Revision: 12116 $\");\n script_cve_id(\"CVE-2015-8476\");\n script_bugtraq_id(78619);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 12:01:35 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-25 09:59:32 +0200 (Tue, 25 Sep 2018)\");\n script_name(\"PHPMailer < 5.2.14 SMTP CRLF Injection Vulnerability\");\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_phpmailer_detect.nasl\");\n script_mandatory_keys(\"phpmailer/detected\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/78619\");\n script_xref(name:\"URL\", value:\"https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md\");\n\n script_tag(name:\"summary\", value:\"This host is running PHPMailer and is prone\n to a SMTP CRLF injection vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists because PHPMailer allows to inject arbitrary SMTP\n commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php\n or (2) SMTP command to the sendCommand function in class.smtp.php.\");\n\n script_tag(name:\"impact\", value:\"Attackers can exploit this issue to send arbitrary messages.\");\n\n script_tag(name:\"affected\", value:\"PHPMailer versions before 5.2.14 are vulnerable. \");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHPMailer 5.2.14 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) ) exit( 0 );\nversion = infos['version'];\nlocation = infos['location'];\n\nif( version_is_less( version:version, test_version:\"5.2.14\" ) ) {\n report = report_fixed_ver( installed_version:version, fixed_version:\"5.2.14\", install_url:location );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:52:35", "references": ["http://www.debian.org/security/2015/dsa-3416.html"], "pluginID": "703416", "description": "Takeshi Terada discovered a vulnerability\nin PHPMailer, a PHP library for email transfer, used by many CMSs. The library\naccepted email addresses and SMTP commands containing line breaks, which can be\nabused by an attacker to inject messages.", "edition": 2, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-12-13T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Debian Security Advisory DSA 3416-1 (libphp-phpmailer - security update)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703416", "id": "OPENVAS:703416", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3416.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3416-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703416);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-8476\");\n script_name(\"Debian Security Advisory DSA 3416-1 (libphp-phpmailer - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-12-13 00:00:00 +0100 (Sun, 13 Dec 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3416.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libphp-phpmailer on Debian Linux\");\n script_tag(name: \"insight\", value: \"Many PHP developers utilize email in\ntheir code. The only PHP function that supports this is the mail() function.\nHowever, it does not expose any of the popular features that many email clients\nuse nowadays like HTML-based emails and attachments. There are two proprietary\ndevelopment tools out there that have all the functionality built into\neasy to use classes: AspEmail(tm) and AspMail. Both of these\nprograms are COM components only available on Windows.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution\n(wheezy), this problem has been fixed in version 5.1-1.1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.9+dfsg-2+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.2.14+dfsg-1.\n\nWe recommend that you upgrade your libphp-phpmailer packages.\");\n script_tag(name: \"summary\", value: \"Takeshi Terada discovered a vulnerability\nin PHPMailer, a PHP library for email transfer, used by many CMSs. The library\naccepted email addresses and SMTP commands containing line breaks, which can be\nabused by an attacker to inject messages.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libphp-phpmailer\", ver:\"5.1-1.1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp-phpmailer\", ver:\"5.2.9+dfsg-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:08", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "5.2.9+dfsg-2+deb8u1", "arch": "all", "packageFilename": "libphp-phpmailer_5.2.9+dfsg-2+deb8u1_all.deb", "packageName": "libphp-phpmailer", "operator": "lt"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "5.1-1.1", "arch": "all", "packageFilename": "libphp-phpmailer_5.1-1.1_all.deb", "packageName": "libphp-phpmailer", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3416-1 security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nDecember 13, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libphp-phpmailer\nCVE ID : CVE-2015-8476\nDebian Bug : 807265\n\nTakeshi Terada discovered a vulnerability in PHPMailer, a PHP library for\nemail transfer, used by many CMSs. The library accepted email addresses\nand SMTP commands containing line breaks, which can be abused by an\nattacker to inject messages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed in\nversion 5.1-1+deb6u11.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.9+dfsg-2+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.2.14+dfsg-1.\n\nWe recommend that you upgrade your libphp-phpmailer packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2015-12-13T19:12:06", "title": "[SECURITY] [DSA 3416-1] libphp-phpmailer security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:08", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8476"], "modified": "2015-12-13T19:12:06", "id": "DEBIAN:DSA-3416-1:9E6BC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00321.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-16T22:14:43", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "5.1-1+deb6u11", "arch": "all", "packageFilename": "libphp-phpmailer_5.1-1+deb6u11_all.deb", "packageName": "libphp-phpmailer", "operator": "lt"}], "description": "Package : libphp-phpmailer\nVersion : 5.1-1+deb6u11\nCVE ID : CVE-2015-8476\nDebian Bug : 807265\n\nIt was discovered that there was a header injection vulnerability in\nlibphp-phpmailer, am email transfer library for PHP.\n\nFor Debian 6 Squeeze, this issue has been fixed in libphp-phpmailer\nversion 5.1-1+deb6u11.\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-\n\n\n", "edition": 1, "reporter": "Debian", "published": "2015-12-08T18:35:19", "title": "[SECURITY] [DLA 363-1] libphp-phpmailer security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:43", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8476"], "modified": "2015-12-08T18:35:19", "id": "DEBIAN:DLA-363-1:5F661", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201512/msg00004.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2018-11-13T17:12:34", "references": ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807265", "https://www.debian.org/security/2015/dsa-3416", "https://packages.debian.org/source/wheezy/libphp-phpmailer", "https://packages.debian.org/source/jessie/libphp-phpmailer"], "pluginID": "87331", "description": "Takeshi Terada discovered a vulnerability in PHPMailer, a PHP library for email transfer, used by many CMSs. The library accepted email addresses and SMTP commands containing line breaks, which can be abused by an attacker to inject messages.", "edition": 6, "reporter": "Tenable", "published": "2015-12-14T00:00:00", "title": "Debian DSA-3416-1 : libphp-phpmailer - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:libphp-phpmailer", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3416.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87331", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3416. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87331);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-8476\");\n script_xref(name:\"DSA\", value:\"3416\");\n\n script_name(english:\"Debian DSA-3416-1 : libphp-phpmailer - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Takeshi Terada discovered a vulnerability in PHPMailer, a PHP library\nfor email transfer, used by many CMSs. The library accepted email\naddresses and SMTP commands containing line breaks, which can be\nabused by an attacker to inject messages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libphp-phpmailer\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libphp-phpmailer\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3416\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libphp-phpmailer packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 5.1-1.1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.9+dfsg-2+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp-phpmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libphp-phpmailer\", reference:\"5.1-1.1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libphp-phpmailer\", reference:\"5.2.9+dfsg-2+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:02:18", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1289094", "http://www.nessus.org/u?873eedb3"], "pluginID": "89214", "description": "New upstream release: fixes CVE-2015-8476.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2016-03-04T00:00:00", "title": "Fedora 22 : php-PHPMailer-5.2.14-1.fc22 (2015-39522bb8c9)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "modified": "2016-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-PHPMailer", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-39522BB8C9.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=89214", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-39522bb8c9.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89214);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2016/03/04 16:00:57 $\");\n\n script_cve_id(\"CVE-2015-8476\");\n script_xref(name:\"FEDORA\", value:\"2015-39522bb8c9\");\n\n script_name(english:\"Fedora 22 : php-PHPMailer-5.2.14-1.fc22 (2015-39522bb8c9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream release: fixes CVE-2015-8476.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1289094\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177139.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?873eedb3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-PHPMailer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-PHPMailer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"php-PHPMailer-5.2.14-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-PHPMailer\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:58:04", "references": ["https://packages.debian.org/source/squeeze-lts/libphp-phpmailer", "https://lists.debian.org/debian-lts-announce/2015/12/msg00004.html"], "pluginID": "87268", "description": "It was discovered that there was a header injection vulnerability in libphp-phpmailer, am email transfer library for PHP.\n\nFor Debian 6 Squeeze, this issue has been fixed in libphp-phpmailer version 5.1-1+deb6u11.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2015-12-09T00:00:00", "title": "Debian DLA-363-1 : libphp-phpmailer security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "modified": "2018-07-06T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libphp-phpmailer"], "id": "DEBIAN_DLA-363.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87268", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-363-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87268);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2015-8476\");\n\n script_name(english:\"Debian DLA-363-1 : libphp-phpmailer security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a header injection vulnerability in\nlibphp-phpmailer, am email transfer library for PHP.\n\nFor Debian 6 Squeeze, this issue has been fixed in libphp-phpmailer\nversion 5.1-1+deb6u11.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/12/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/libphp-phpmailer\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected libphp-phpmailer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp-phpmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libphp-phpmailer\", reference:\"5.1-1+deb6u11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:37:24", "references": ["http://www.nessus.org/u?087ee704", "https://bugzilla.redhat.com/show_bug.cgi?id=1289094"], "pluginID": "89363", "description": "New upstream release: fixes CVE-2015-8476.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2016-03-04T00:00:00", "title": "Fedora 23 : php-PHPMailer-5.2.14-1.fc23 (2015-abf9659276)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "modified": "2016-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-PHPMailer", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2015-ABF9659276.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=89363", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-abf9659276.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89363);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2016/03/04 16:10:31 $\");\n\n script_cve_id(\"CVE-2015-8476\");\n script_xref(name:\"FEDORA\", value:\"2015-abf9659276\");\n\n script_name(english:\"Fedora 23 : php-PHPMailer-5.2.14-1.fc23 (2015-abf9659276)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream release: fixes CVE-2015-8476.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1289094\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177130.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?087ee704\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-PHPMailer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-PHPMailer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"php-PHPMailer-5.2.14-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-PHPMailer\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
