DebianDEBIAN:DLA-817-1:B005A[SECURITY] [DLA 817-1] libphp-phpmailer security update
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.951 High
EPSS
Percentile
99.3%
Package : libphp-phpmailer
Version : 5.1-1.3+deb7u1
CVE ID : CVE-2017-5223
Debian Bug : #853232
It was discovered that there was a local file disclosure vulnerability in
libphp-phpmailer, a email transfer class for PHP, where insufficient parsing of
HTML messages could potentially be used by attacker to read a local file.
For Debian 7 "Wheezy", this issue has been fixed in libphp-phpmailer version
5.1-1.3+deb7u1.
We recommend that you upgrade your libphp-phpmailer packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 8 | all | libphp-phpmailer | < 5.2.9+dfsg-2+deb8u4 | libphp-phpmailer_5.2.9+dfsg-2+deb8u4_all.deb |
| Debian | 7 | all | libphp-phpmailer | < 5.1-1.3+deb7u1 | libphp-phpmailer_5.1-1.3+deb7u1_all.deb |
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.951 High
EPSS
Percentile
99.3%