Vulnerability Description
CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | 3.0.14 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0086.htmlVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0132.htmlPatch
- http://www.debian.org/security/2002/dsa-168PatchVendor Advisory
- http://www.securityfocus.com/bid/5681Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10080
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0086.htmlVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0132.htmlPatch
- http://www.debian.org/security/2002/dsa-168PatchVendor Advisory
- http://www.securityfocus.com/bid/5681Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10080
FAQ
What is CVE-2002-1783?
CVE-2002-1783 is a vulnerability with a CVSS score of 5.0 (MEDIUM). CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected ...
How severe is CVE-2002-1783?
CVE-2002-1783 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1783?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.