Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2005-3883
Last Modified 18 Aug 2013 12:48:27
Published 29 Nov 2005 06:03:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3883

Summary

CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.

Vulnerable Systems

Application

  • PHP 4.0.6

  • PHP 4.0.7

  • PHP 4.1.0

  • PHP 4.1.1

  • PHP 4.1.2

  • PHP 4.2

  • PHP 4.2.0

  • PHP 4.2.1

  • PHP 4.2.2

  • PHP 4.2.3

  • PHP 4.3

  • PHP 4.3.1

  • PHP 4.3.10

  • PHP 4.3.11

  • PHP 4.3.2

  • PHP 4.3.3

  • PHP 4.3.4

  • PHP 4.3.5

  • PHP 4.3.6

  • PHP 4.3.7

  • PHP 4.3.8

  • PHP 4.3.9

  • PHP 4.4.0

  • PHP 4.4.1

  • PHP 5.0

  • PHP 5.0.0

  • PHP 5.0.1

  • PHP 5.0.2

  • PHP 5.0.3

  • PHP 5.0.4

  • PHP 5.0.5


References

BID - 15571

CONFIRM - http://www.php.net/release_5_1_0.php

SECUNIA - 17763

VUPEN - ADV-2006-2685

MISC - http://bugs.php.net/bug.php?id=35307

XF - php-mbsendmail-header-injection(23270)

UBUNTU - USN-232-1

TURBO - TLSA-2006-38

SUSE - SUSE-SA:2005:069

MANDRIVA - MDKSA-2005:238

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm

SECTRACK - 1015296

SECUNIA - 20951

SECUNIA - 20210

SECUNIA - 19832

SECUNIA - 18198

SECUNIA - 18054

REDHAT - RHSA-2006:0276

SGI - 20060501-01-U


Last Updated: 27 May 2016 10:41:05