|
|
CVE Reference: CVE-2006-7087 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-7087 |
|
|
Description: CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/30251 SAID Secunia Advisory: SA22877 MISC http://www.hardened-php.net/advisory_142006.139.html FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050712.html CONFIRM http://www.dotdeb.org/news/severe_security_hole_in_php_packages BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/451528/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/451839/100/0/threaded BID 21075 |
|
| Return to the previous page. |
