Published: 29/11/2005 Updated: 30/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

CRLF injection vulnerability in the mb_send_mail function in PHP prior to 5.1.0 might allow remote malicious users to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 4.0.7
php php 4.1.0
php php 4.2
php php 4.3.0
php php 4.3.1
php php 4.3.6
php php 4.3.7
php php 5.0.2
php php 5.0.3
php php 4.1.1
php php 4.1.2
php php 4.3.10
php php 4.3.11
php php 4.3.8
php php 4.3.9
php php 5.0.4
php php 5.0.5
php php 4.2.2
php php 4.2.3
php php 4.3.4
php php 4.3.5
php php 5.0.0
php php 5.0.1
php php 5.0
php php 4.0.6
php php 4.2.0
php php 4.2.1
php php 4.3.2
php php 4.3.3
php php 4.4.0
php php 4.4.1

Eric Romang discovered a local Denial of Service vulnerability in the handling of the ‘sessionsave_path’ parameter in PHP’s Apache 20 module By setting this parameter to an invalid value in an htaccess file, a local user could crash the Apache server (CVE-2005-3319) ...

Debian Bug report logs - #336654 PHP 505 contains unfixed security bugs Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Florian Weimer <fw@denebenyode> Date: Mon, 31 Oct 2005 20:48:02 UTC Severity ...

Debian Bug report logs - #336645 PHP 441 fixes security bugs Package: php4; Maintainer for php4 is (unknown); Reported by: Florian Weimer <fw@denebenyode> Date: Mon, 31 Oct 2005 19:48:02 UTC Severity: grave Tags: security Found in version php4/4:4310-16 Fixed in version php4/4:442-1 Done: Adam Conrad <adconrad ...

Debian Bug report logs - #341368 CVE-2005-3883: Injection of arbitrary values into the To:-header of the md_send_mail() function Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inuti ...

Debian Bug report logs - #336004 CVE-2005-3319: mod_php DoS through sessionsave_path option Package: php4; Maintainer for php4 is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 27 Oct 2005 10:48:02 UTC Severity: important Tags: security Found in version php4/4:440-4 Fixed in version php4/4:442 ...

NVD-CWE-Other http://www.php.net/release_5_1_0.php http://bugs.php.net/bug.php?id=35307 http://www.securityfocus.com/bid/15571 http://secunia.com/advisories/17763 http://securitytracker.com/id?1015296 http://secunia.com/advisories/18054 http://secunia.com/advisories/18198 http://rhn.redhat.com/errata/RHSA-2006-0276.html http://secunia.com/advisories/19832 http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm http://secunia.com/advisories/20951 ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc http://www.turbolinux.com/security/2006/TLSA-2006-38.txt http://secunia.com/advisories/20210 http://www.mandriva.com/security/advisories?name=MDKSA-2005:238 http://www.vupen.com/english/advisories/2006/2685 https://www.ubuntu.com/usn/usn-232-1/https://exchange.xforce.ibmcloud.com/vulnerabilities/23270 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10332 http://www.securityfocus.com/archive/1/419504/100/0/threaded https://usn.ubuntu.com/232-1/https://nvd.nist.gov

CVE-2005-3883

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect