CVE-2007-2509

CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
http://rhn.redhat.com/errata/RHSA-2007-0889.html
http://secunia.com/advisories/25187 Vendor Advisory
http://secunia.com/advisories/25191 Vendor Advisory
http://secunia.com/advisories/25255 Vendor Advisory
http://secunia.com/advisories/25318 Vendor Advisory
http://secunia.com/advisories/25365
http://secunia.com/advisories/25372
http://secunia.com/advisories/25445
http://secunia.com/advisories/25660
http://secunia.com/advisories/26048
http://secunia.com/advisories/26967
http://secunia.com/advisories/27351
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://securityreason.com/securityalert/2672
http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm
http://us2.php.net/releases/4_4_7.php
http://us2.php.net/releases/5_2_2.php
http://www.debian.org/security/2007/dsa-1295
http://www.debian.org/security/2007/dsa-1296
http://www.mandriva.com/security/advisories?name=MDKSA-2007:102
http://www.mandriva.com/security/advisories?name=MDKSA-2007:103
http://www.redhat.com/support/errata/RHSA-2007-0349.html
http://www.redhat.com/support/errata/RHSA-2007-0355.html
http://www.redhat.com/support/errata/RHSA-2007-0888.html
http://www.securityfocus.com/archive/1/463596/100/0/threaded
http://www.securityfocus.com/bid/23813
http://www.securityfocus.com/bid/23818 Patch
http://www.securitytracker.com/id?1018022
http://www.trustix.org/errata/2007/0017/
http://www.ubuntu.com/usn/usn-462-1
http://www.vupen.com/english/advisories/2007/2187
https://exchange.xforce.ibmcloud.com/vulnerabilities/34413
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10839
https://rhn.redhat.com/errata/RHSA-2007-0348.html
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
http://rhn.redhat.com/errata/RHSA-2007-0889.html
http://secunia.com/advisories/25187 Vendor Advisory
http://secunia.com/advisories/25191 Vendor Advisory
http://secunia.com/advisories/25255 Vendor Advisory
http://secunia.com/advisories/25318 Vendor Advisory
http://secunia.com/advisories/25365
http://secunia.com/advisories/25372
http://secunia.com/advisories/25445
http://secunia.com/advisories/25660
http://secunia.com/advisories/26048
http://secunia.com/advisories/26967
http://secunia.com/advisories/27351
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://securityreason.com/securityalert/2672
http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm
http://us2.php.net/releases/4_4_7.php
http://us2.php.net/releases/5_2_2.php
http://www.debian.org/security/2007/dsa-1295
http://www.debian.org/security/2007/dsa-1296
http://www.mandriva.com/security/advisories?name=MDKSA-2007:102
http://www.mandriva.com/security/advisories?name=MDKSA-2007:103
http://www.redhat.com/support/errata/RHSA-2007-0349.html
http://www.redhat.com/support/errata/RHSA-2007-0355.html
http://www.redhat.com/support/errata/RHSA-2007-0888.html
http://www.securityfocus.com/archive/1/463596/100/0/threaded
http://www.securityfocus.com/bid/23813
http://www.securityfocus.com/bid/23818 Patch
http://www.securitytracker.com/id?1018022
http://www.trustix.org/errata/2007/0017/
http://www.ubuntu.com/usn/usn-462-1
http://www.vupen.com/english/advisories/2007/2187
https://exchange.xforce.ibmcloud.com/vulnerabilities/34413
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10839
https://rhn.redhat.com/errata/RHSA-2007-0348.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:patch1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:30

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html - () http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html -
References () http://rhn.redhat.com/errata/RHSA-2007-0889.html - () http://rhn.redhat.com/errata/RHSA-2007-0889.html -
References () http://secunia.com/advisories/25187 - Vendor Advisory () http://secunia.com/advisories/25187 - Vendor Advisory
References () http://secunia.com/advisories/25191 - Vendor Advisory () http://secunia.com/advisories/25191 - Vendor Advisory
References () http://secunia.com/advisories/25255 - Vendor Advisory () http://secunia.com/advisories/25255 - Vendor Advisory
References () http://secunia.com/advisories/25318 - Vendor Advisory () http://secunia.com/advisories/25318 - Vendor Advisory
References () http://secunia.com/advisories/25365 - () http://secunia.com/advisories/25365 -
References () http://secunia.com/advisories/25372 - () http://secunia.com/advisories/25372 -
References () http://secunia.com/advisories/25445 - () http://secunia.com/advisories/25445 -
References () http://secunia.com/advisories/25660 - () http://secunia.com/advisories/25660 -
References () http://secunia.com/advisories/26048 - () http://secunia.com/advisories/26048 -
References () http://secunia.com/advisories/26967 - () http://secunia.com/advisories/26967 -
References () http://secunia.com/advisories/27351 - () http://secunia.com/advisories/27351 -
References () http://security.gentoo.org/glsa/glsa-200705-19.xml - () http://security.gentoo.org/glsa/glsa-200705-19.xml -
References () http://securityreason.com/securityalert/2672 - () http://securityreason.com/securityalert/2672 -
References () http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm - () http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm -
References () http://us2.php.net/releases/4_4_7.php - () http://us2.php.net/releases/4_4_7.php -
References () http://us2.php.net/releases/5_2_2.php - () http://us2.php.net/releases/5_2_2.php -
References () http://www.debian.org/security/2007/dsa-1295 - () http://www.debian.org/security/2007/dsa-1295 -
References () http://www.debian.org/security/2007/dsa-1296 - () http://www.debian.org/security/2007/dsa-1296 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:102 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:102 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:103 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:103 -
References () http://www.redhat.com/support/errata/RHSA-2007-0349.html - () http://www.redhat.com/support/errata/RHSA-2007-0349.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0355.html - () http://www.redhat.com/support/errata/RHSA-2007-0355.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0888.html - () http://www.redhat.com/support/errata/RHSA-2007-0888.html -
References () http://www.securityfocus.com/archive/1/463596/100/0/threaded - () http://www.securityfocus.com/archive/1/463596/100/0/threaded -
References () http://www.securityfocus.com/bid/23813 - () http://www.securityfocus.com/bid/23813 -
References () http://www.securityfocus.com/bid/23818 - Patch () http://www.securityfocus.com/bid/23818 - Patch
References () http://www.securitytracker.com/id?1018022 - () http://www.securitytracker.com/id?1018022 -
References () http://www.trustix.org/errata/2007/0017/ - () http://www.trustix.org/errata/2007/0017/ -
References () http://www.ubuntu.com/usn/usn-462-1 - () http://www.ubuntu.com/usn/usn-462-1 -
References () http://www.vupen.com/english/advisories/2007/2187 - () http://www.vupen.com/english/advisories/2007/2187 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/34413 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/34413 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10839 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10839 -
References () https://rhn.redhat.com/errata/RHSA-2007-0348.html - () https://rhn.redhat.com/errata/RHSA-2007-0348.html -

Information

Published : 2007-05-09 00:19

Updated : 2024-11-21 00:30


NVD link : CVE-2007-2509

Mitre link : CVE-2007-2509

CVE.ORG link : CVE-2007-2509


JSON object : View

Products Affected

php

  • php
CWE
CWE-20

Improper Input Validation