PRIOn knowledge basePRION:CVE-2015-8476

HistoryDec 16, 2015 - 9:59 p.m.

Crlf injection

2015-12-1621:59:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

64.8%

JSON

Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796.

CPENameOperatorVersion
debian_linuxeq8.0
debian_linuxeq7.0
debian_linuxeq6.0
phpmailerle5.2.13

Name	Operator	Version
debian_linux	eq	8.0
debian_linux	eq	7.0
debian_linux	eq	6.0
phpmailer	le	5.2.13

References

www.debian.org/security/2015/dsa-3416

www.openwall.com/lists/oss-security/2015/12/04/5

www.openwall.com/lists/oss-security/2015/12/05/1

www.securityfocus.com/bid/78619

github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0

github.com/PHPMailer/PHPMailer/releases/tag/v5.2.14

lists.fedoraproject.org/pipermail/package-announce/2016-February/177130.html

lists.fedoraproject.org/pipermail/package-announce/2016-February/177139.html

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

64.8%

JSON

Related for PRION:CVE-2015-8476