CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7 and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
History
21 Nov 2024, 00:30
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2007-0889.html - | |
References | () http://secunia.com/advisories/25187 - Vendor Advisory | |
References | () http://secunia.com/advisories/25191 - Vendor Advisory | |
References | () http://secunia.com/advisories/25255 - Vendor Advisory | |
References | () http://secunia.com/advisories/25318 - Vendor Advisory | |
References | () http://secunia.com/advisories/25365 - | |
References | () http://secunia.com/advisories/25372 - | |
References | () http://secunia.com/advisories/25445 - | |
References | () http://secunia.com/advisories/25660 - | |
References | () http://secunia.com/advisories/26048 - | |
References | () http://secunia.com/advisories/26967 - | |
References | () http://secunia.com/advisories/27351 - | |
References | () http://security.gentoo.org/glsa/glsa-200705-19.xml - | |
References | () http://securityreason.com/securityalert/2672 - | |
References | () http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm - | |
References | () http://us2.php.net/releases/4_4_7.php - | |
References | () http://us2.php.net/releases/5_2_2.php - | |
References | () http://www.debian.org/security/2007/dsa-1295 - | |
References | () http://www.debian.org/security/2007/dsa-1296 - | |
References | () http://www.mandriva.com/security/advisories?name=MDKSA-2007:102 - | |
References | () http://www.mandriva.com/security/advisories?name=MDKSA-2007:103 - | |
References | () http://www.redhat.com/support/errata/RHSA-2007-0349.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2007-0355.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2007-0888.html - | |
References | () http://www.securityfocus.com/archive/1/463596/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/23813 - | |
References | () http://www.securityfocus.com/bid/23818 - Patch | |
References | () http://www.securitytracker.com/id?1018022 - | |
References | () http://www.trustix.org/errata/2007/0017/ - | |
References | () http://www.ubuntu.com/usn/usn-462-1 - | |
References | () http://www.vupen.com/english/advisories/2007/2187 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/34413 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10839 - | |
References | () https://rhn.redhat.com/errata/RHSA-2007-0348.html - | |
Information
Published : 2007-05-09 00:19
Updated : 2024-11-21 00:30
NVD link : CVE-2007-2509
Mitre link : CVE-2007-2509
CVE.ORG link : CVE-2007-2509
Products Affected
php
- php
CWE
CWE-20
Improper Input Validation