CVE-2007-1900
Vulnerability from cvelistv5
Published
2007-04-10 18:00
Modified
2024-08-07 13:13
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:13:41.791Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26231", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26231" }, { "name": "25056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25056" }, { "name": "27110", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27110" }, { "name": "DSA-1283", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1283" }, { "name": "33962", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/33962" }, { "name": "GLSA-200705-19", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml" }, { "name": "ADV-2007-2016", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2016" }, { "name": "php-filtervalidateemail-header-injection(33510)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33510" }, { "name": "GLSA-200710-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml" }, { "name": "oval:org.mitre.oval:def:6067", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067" }, { "name": "25062", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25062" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.php-security.org/MOPB/PMOPB-45-2007.html" }, { "name": "FEDORA-2007-2215", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html" }, { "name": "24824", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24824" }, { "name": "2007-0023", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2007/0023/" }, { "name": "USN-455-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-455-1" }, { "name": "ADV-2007-3386", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "name": "27037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27037" }, { "name": "SSA:2007-152-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/releases/5_2_3.php" }, { "name": "SSRT071447", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "HPSBUX02262", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "25535", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25535" }, { "name": "27102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27102" }, { "name": "25445", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25445" }, { "name": "23359", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23359" }, { "name": "25057", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25057" }, { "name": "SUSE-SA:2007:032", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-04-07T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a \u0027\\n\u0027 character, which causes a regular expression to ignore the subsequent part of the address string." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26231", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26231" }, { "name": "25056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25056" }, { "name": "27110", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27110" }, { "name": "DSA-1283", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1283" }, { "name": "33962", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/33962" }, { "name": "GLSA-200705-19", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml" }, { "name": "ADV-2007-2016", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2016" }, { "name": "php-filtervalidateemail-header-injection(33510)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33510" }, { "name": "GLSA-200710-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml" }, { "name": "oval:org.mitre.oval:def:6067", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067" }, { "name": "25062", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25062" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.php-security.org/MOPB/PMOPB-45-2007.html" }, { "name": "FEDORA-2007-2215", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html" }, { "name": "24824", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24824" }, { "name": "2007-0023", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2007/0023/" }, { "name": "USN-455-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-455-1" }, { "name": "ADV-2007-3386", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "name": "27037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27037" }, { "name": "SSA:2007-152-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/releases/5_2_3.php" }, { "name": "SSRT071447", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "HPSBUX02262", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "25535", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25535" }, { "name": "27102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27102" }, { "name": "25445", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25445" }, { "name": "23359", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23359" }, { "name": "25057", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25057" }, { "name": "SUSE-SA:2007:032", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1900", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a \u0027\\n\u0027 character, which causes a regular expression to ignore the subsequent part of the address string." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26231", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26231" }, { "name": "25056", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25056" }, { "name": "27110", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27110" }, { "name": "DSA-1283", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1283" }, { "name": "33962", "refsource": "OSVDB", "url": "http://www.osvdb.org/33962" }, { "name": "GLSA-200705-19", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml" }, { "name": "ADV-2007-2016", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2016" }, { "name": "php-filtervalidateemail-header-injection(33510)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33510" }, { "name": "GLSA-200710-02", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml" }, { "name": "oval:org.mitre.oval:def:6067", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067" }, { "name": "25062", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25062" }, { "name": "http://www.php-security.org/MOPB/PMOPB-45-2007.html", "refsource": "MISC", "url": "http://www.php-security.org/MOPB/PMOPB-45-2007.html" }, { "name": "FEDORA-2007-2215", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html" }, { "name": "24824", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24824" }, { "name": "2007-0023", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0023/" }, { "name": "USN-455-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-455-1" }, { "name": "ADV-2007-3386", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "name": "27037", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27037" }, { "name": "SSA:2007-152-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863" }, { "name": "http://www.php.net/releases/5_2_3.php", "refsource": "CONFIRM", "url": "http://www.php.net/releases/5_2_3.php" }, { "name": "SSRT071447", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "HPSBUX02262", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" }, { "name": "25535", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25535" }, { "name": "27102", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27102" }, { "name": "25445", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25445" }, { "name": "23359", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23359" }, { "name": "25057", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25057" }, { "name": "SUSE-SA:2007:032", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1900", "datePublished": "2007-04-10T18:00:00", "dateReserved": "2007-04-10T00:00:00", "dateUpdated": "2024-08-07T13:13:41.791Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2007-1900\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-04-10T18:19:00.000\",\"lastModified\":\"2017-10-11T01:32:01.957\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a \u0027\\\\n\u0027 character, which causes a regular expression to ignore the subsequent part of the address string.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n CRLF (retorno de carro y nueva l\u00ednea) en el filtro FILTER_VALIDATE_EMAIL en ext/filter de PHP 5.2.0 y 5.2.1 permite a atacantes locales o remotos dependiendo del contexto inyectar cabeceras de correo electr\u00f3nico de su elecci\u00f3n mediante una direcci\u00f3n de correo con un car\u00e1cter \u0027\\\\n\u0027, lo cual provoca que una expresi\u00f3n regular ignore la correspondiente parte de la cadena de direcci\u00f3n.\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. The filter extension was not shipped in the versions of PHP supplied for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or\\nRed Hat Application Stack 1.\\n\",\"lastModified\":\"2007-04-16T00:00:00\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD02D837-FD28-4E0F-93F8-25E8D1C84A99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88358D1E-BE6F-4CE3-A522-83D1FA4739E3\"}]}]}],\"references\":[{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24824\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25056\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25057\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25062\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25445\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25535\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26231\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27037\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27102\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27110\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200705-19.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1283\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_32_php.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/33962\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.php-security.org/MOPB/PMOPB-45-2007.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.php.net/releases/5_2_3.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23359\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.trustix.org/errata/2007/0023/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-455-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2016\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3386\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33510\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html\",\"source\":\"cve@mitre.org\"}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.