CVE-2002-1783

Sažetak

CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions.

Reference

http://archives.neohapsis.com/archives/bugtraq/2002-09/0086.html
http://archives.neohapsis.com/archives/bugtraq/2002-09/0132.html
http://www.debian.org/security/2002/dsa-168
http://www.securityfocus.com/bid/5681
https://exchange.xforce.ibmcloud.com/vulnerabilities/10080

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:29

Objavljeno

31-12-2002 - 05:00