CVE-2006-7087 - Vulnerability Details - OpenCVE

CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dotdeb	Dotdeb Php

Configuration 1 [-]

OR	cpe:2.3:a:dotdeb:dotdeb_php:4.4:::::::*
	cpe:2.3:a:dotdeb:dotdeb_php:4.4.3:::::::*
	cpe:2.3:a:dotdeb:dotdeb_php:4.4.4:::::::*
	cpe:2.3:a:dotdeb:dotdeb_php:5.0:::::::*
	cpe:2.3:a:dotdeb:dotdeb_php:5.1:::::::*
	cpe:2.3:a:dotdeb:dotdeb_php:5.2:::::::*

No data.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050712.html
http://secunia.com/advisories/22877
http://www.dotdeb.org/news/severe_security_hole_in_php_packages
http://www.hardened-php.net/advisory_142006.139.html
http://www.securityfocus.com/archive/1/451528/100/0/threaded
http://www.securityfocus.com/archive/1/451839/100/0/threaded
http://www.securityfocus.com/bid/21075
http://www.vupen.com/english/advisories/2006/4531
https://exchange.xforce.ibmcloud.com/vulnerabilities/30251

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-28T00:00:00

Updated: 2024-08-07T20:50:06.262Z

Reserved: 2007-02-27T00:00:00

Link: CVE-2006-7087

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-03-02T21:18:00.000

Modified: 2024-11-21T00:24:21.467

Link: CVE-2006-7087

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-14T00:00:00", "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.hardened-php.net/advisory_142006.139.html"}, {"name": "20061114 Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/451528/100/0/threaded"}, {"name": "20061114 Re: Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/451839/100/0/threaded"}, {"name": "ADV-2006-4531", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4531"}, {"name": "dotdeb-mail-header-injection(30251)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30251"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.dotdeb.org/news/severe_security_hole_in_php_packages"}, {"name": "22877", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22877"}, {"name": "21075", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21075"}, {"name": "20061114 Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050712.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7087", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.hardened-php.net/advisory_142006.139.html", "refsource": "MISC", "url": "http://www.hardened-php.net/advisory_142006.139.html"}, {"name": "20061114 Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451528/100/0/threaded"}, {"name": "20061114 Re: Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451839/100/0/threaded"}, {"name": "ADV-2006-4531", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4531"}, {"name": "dotdeb-mail-header-injection(30251)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30251"}, {"name": "http://www.dotdeb.org/news/severe_security_hole_in_php_packages", "refsource": "CONFIRM", "url": "http://www.dotdeb.org/news/severe_security_hole_in_php_packages"}, {"name": "22877", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22877"}, {"name": "21075", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21075"}, {"name": "20061114 Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050712.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:50:06.262Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.hardened-php.net/advisory_142006.139.html"}, {"name": "20061114 Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/451528/100/0/threaded"}, {"name": "20061114 Re: Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/451839/100/0/threaded"}, {"name": "ADV-2006-4531", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4531"}, {"name": "dotdeb-mail-header-injection(30251)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30251"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.dotdeb.org/news/severe_security_hole_in_php_packages"}, {"name": "22877", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22877"}, {"name": "21075", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21075"}, {"name": "20061114 Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050712.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7087", "datePublished": "2007-02-28T00:00:00", "dateReserved": "2007-02-27T00:00:00", "dateUpdated": "2024-08-07T20:50:06.262Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dotdeb:dotdeb_php:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4EE50757-8BC6-41DF-857B-252E33ADCFF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotdeb:dotdeb_php:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "307064E3-F22C-4545-B58F-0EE4ACA5C62A", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotdeb:dotdeb_php:4.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "7FEAA1B4-FE52-484D-90D0-E34711AE8F9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotdeb:dotdeb_php:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "26D1B6D6-02CE-4750-B85F-D29CB016F93C", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotdeb:dotdeb_php:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "403102BE-90DE-4F58-BDE5-C1926D6A2C43", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotdeb:dotdeb_php:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "8FFDDCBE-EFED-47B7-A215-CF7E3EE748FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF (retorno de carro y salto de l\u00ednea) en la funci\u00f3n mail de Dotdeb PHP versiones anteriores a 5.2.0 Rev 3 permite a atacantes remotos evitar el esquema de protecci\u00f3n e inyectar cabeceras de correo electr\u00f3nico de su elecci\u00f3n mediante secuencias CRLF en la cadena de consulta, que se procesa mediante la variable PHP_SELF.\r\n"}], "id": "CVE-2006-7087", "lastModified": "2024-11-21T00:24:21.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-02T21:18:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050712.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22877"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.dotdeb.org/news/severe_security_hole_in_php_packages"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.hardened-php.net/advisory_142006.139.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/451528/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/451839/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/21075"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4531"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30251"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050712.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22877"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.dotdeb.org/news/severe_security_hole_in_php_packages"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.hardened-php.net/advisory_142006.139.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/451528/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/451839/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/21075"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4531"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30251"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}