CVE-2007-1900

{"id": "CVE-2007-1900", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-04-10T18:19:00.000", "references": [{"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24824", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25056", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25057", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25062", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25445", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25535", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26231", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27037", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27102", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27110", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200705-19.xml", "source": "cve@mitre.org"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2007/dsa-1283", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2007_32_php.html", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/33962", "source": "cve@mitre.org"}, {"url": "http://www.php-security.org/MOPB/PMOPB-45-2007.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.php.net/releases/5_2_3.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23359", "source": "cve@mitre.org"}, {"url": "http://www.trustix.org/errata/2007/0023/", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-455-1", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2016", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3386", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33510", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\\n' character, which causes a regular expression to ignore the subsequent part of the address string."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF (retorno de carro y nueva l\u00ednea) en el filtro FILTER_VALIDATE_EMAIL en ext/filter de PHP 5.2.0 y 5.2.1 permite a atacantes locales o remotos dependiendo del contexto inyectar cabeceras de correo electr\u00f3nico de su elecci\u00f3n mediante una direcci\u00f3n de correo con un car\u00e1cter '\\n', lo cual provoca que una expresi\u00f3n regular ignore la correspondiente parte de la cadena de direcci\u00f3n."}], "lastModified": "2017-10-11T01:32:01.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99"}, {"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not vulnerable. The filter extension was not shipped in the versions of PHP supplied for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or\nRed Hat Application Stack 1.\n", "lastModified": "2007-04-16T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}