Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23148

HistoryApr 10, 2020 - 12:17 a.m.

CRLF Injection

2020-04-1000:17:46

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

php is vulnerable to CRLF Injection. A flaw was found in the PHP ‘ftp’ extension. If a PHP script used this extension to provide access to a private FTP server, and passed untrusted script input directly to any function provided by this extension, a remote attacker would be able to send arbitrary FTP commands to the server.

CPENameOperatorVersion
phpeq5.1.4__1.el4s1.5
phpeq5.1.6__7.el5
phpeq5.1.6__11.el5
phpeq5.1.4__1.el4s1.4
phpeq5.1.4__1.el4s1.2
phpeq5.1.6__5.el5
phpeq5.1.4__1.el4s1.5
phpeq5.1.6__7.el5
phpeq5.1.6__11.el5
phpeq5.1.4__1.el4s1.4

Rows per page:

1-10 of 121

References

lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html

rhn.redhat.com/errata/RHSA-2007-0889.html

secunia.com/advisories/25187

secunia.com/advisories/25191

secunia.com/advisories/25255

secunia.com/advisories/25318

secunia.com/advisories/25365

secunia.com/advisories/25372

secunia.com/advisories/25445

secunia.com/advisories/25660

secunia.com/advisories/26048

secunia.com/advisories/26967

secunia.com/advisories/27351

security.gentoo.org/glsa/glsa-200705-19.xml

securityreason.com/securityalert/2672

support.avaya.com/elmodocs2/security/ASA-2007-231.htm

us2.php.net/releases/4_4_7.php

us2.php.net/releases/5_2_2.php

www.debian.org/security/2007/dsa-1295

www.debian.org/security/2007/dsa-1296

www.mandriva.com/security/advisories?name=MDKSA-2007:102

www.mandriva.com/security/advisories?name=MDKSA-2007:103

www.redhat.com/security/updates/classification/#important

www.redhat.com/support/errata/RHSA-2007-0349.html

www.redhat.com/support/errata/RHSA-2007-0355.html

www.redhat.com/support/errata/RHSA-2007-0888.html

www.securityfocus.com/archive/1/463596/100/0/threaded

www.securityfocus.com/bid/23813

www.securityfocus.com/bid/23818

www.securitytracker.com/id?1018022

www.trustix.org/errata/2007/0017/

www.ubuntu.com/usn/usn-462-1

www.vupen.com/english/advisories/2007/2187

access.redhat.com/errata/RHSA-2007:0348

exchange.xforce.ibmcloud.com/vulnerabilities/34413

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10839

rhn.redhat.com/errata/RHSA-2007-0348.html

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

Related for VERACODE:23148

prion1 cve1 openvas17 ubuntucve1 debian2 nessus23 securityvulns1 oraclelinux3 osv1 centos4 redhat5 fedora2 ubuntu1 f52 suse1 gentoo1