CVE-2005-3883 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2005-3883
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-3883

Description: CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/23270 UBUNTU http://www.ubuntulinux.org/usn/usn-232-1/document_view TURBO http://www.turbolinux.com/security/2006/TLSA-2006-38.txt SUSE http://www.securityfocus.com/archive/1/archive/1/419504/100/0/threaded ST 1015296 SGI SAID Secunia Advisory: SA17763 Secunia Advisory: SA18054 Secunia Advisory: SA18198 Secunia Advisory: SA19832 Secunia Advisory: SA20951 Secunia Advisory: SA20210 REDHAT http://rhn.redhat.com/errata/RHSA-2006-0276.html MISC http://bugs.php.net/bug.php?id=35307 MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:238 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm http://www.php.net/release_5_1_0.php BID 15571

Return to the previous page.