Lucene search
HistoryMar 23, 2003 - 12:00 a.m.
PHP Mail Function Header Spoofing
The remote host is running a version of PHP prior or equal to 4.2.2.
The mail() function does not properly sanitize user input.
This allows users to forge email to make it look like it is coming from a different source other than the server.
Users can exploit this even if SAFE_MODE is enabled.
#%NASL_MIN_LEVEL 70300
# [email protected]
# http://libpcap.net
#
# See the Nessus Scripts License for details
include('deprecated_nasl_level.inc');
include('compat.inc');
if(description)
{
script_id(11444);
script_cve_id("CVE-2002-0985", "CVE-2002-0986");
script_bugtraq_id(5562);
script_version("1.20");
script_name(english:"PHP Mail Function Header Spoofing");
script_set_attribute(attribute:"synopsis", value:
"A remote web application can be used to forge data." );
script_set_attribute(attribute:"description", value:
"The remote host is running a version of PHP prior or equal to 4.2.2.
The mail() function does not properly sanitize user input.
This allows users to forge email to make it look like it is
coming from a different source other than the server.
Users can exploit this even if SAFE_MODE is enabled." );
script_set_attribute(attribute:"solution", value:
"Contact your vendor for the latest PHP release." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_publication_date", value: "2003/03/23");
script_set_attribute(attribute:"vuln_publication_date", value: "2003/07/30");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe",value:"cpe:/a:php:php");
script_end_attributes();
summary["english"] = "Checks for version of PHP";
script_summary(english:summary["english"]);
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"(C) 2003-2021 [email protected]");
if ( ! defined_func("bn_random") )
script_dependencie("http_version.nasl");
else
script_dependencie("http_version.nasl", "redhat-RHSA-2002-214.nasl");
script_require_ports("Services/www", 80);
exit(0);
}
#
# The script code starts here
#
include("http_func.inc");
if ( get_kb_item("CVE-2002-0985" ) ) exit(0);
port = get_http_port(default:80, embedded:TRUE);
if(get_port_state(port)) {
banner = get_http_banner(port:port);
if(!banner)exit(0);
if(egrep(pattern:".*PHP/([0-3]\..*|4\.[0-1]\..*|4\.2\.[0-2][^0-9])", string:banner)) {
security_warning(port);
}
}
Related
nessus
nessus
PHP < 4.2.x mail Function CRLF Injection
2002-07-22 00:00:00
RHEL 2.1 : php (RHSA-2002:214)
2004-07-06 00:00:00
Mandrake Linux Security Advisory : php (MDKSA-2003:082-1)
2004-07-31 00:00:00
openvas
openvas
Debian Security Advisory DSA 168-1 (PHP3, PHP4)
2008-01-17 00:00:00
PHP Mail Function Header Spoofing Vulnerability
2005-11-03 00:00:00
Debian Security Advisory DSA 168-1 (PHP3, PHP4)
2008-01-17 00:00:00
osv
osv
php - bypassing safe_mode, CRLF injection
2002-09-18 00:00:00
suse
suse
remote privilege escalation in mod_php4
2002-10-07 09:30:00
debian
debian
[SECURITY] [DSA 168-1] New PHP packages fix several vulnerabilities
2002-09-18 13:40:51
[SECURITY] [DSA 168-1] New PHP packages fix several vulnerabilities
2002-09-18 13:40:51
redhat
redhat
(RHSA-2002:214) php security update
2003-02-06 00:00:00
cve
cve
CVE-2002-0986
2002-09-24 04:00:00
CVE-2002-0985
2002-09-24 04:00:00
Related for PHP_MAIL_FUNC_HEADER_SPOOF.NASL