Vulnerability Description
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
CVSS Score
2.6
LOW
AV:N/AC:H/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | 4.0.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
- http://rhn.redhat.com/errata/RHSA-2007-0889.html
- http://secunia.com/advisories/25187Vendor Advisory
- http://secunia.com/advisories/25191Vendor Advisory
- http://secunia.com/advisories/25255Vendor Advisory
- http://secunia.com/advisories/25318Vendor Advisory
- http://secunia.com/advisories/25365
- http://secunia.com/advisories/25372
- http://secunia.com/advisories/25445
- http://secunia.com/advisories/25660
- http://secunia.com/advisories/26048
- http://secunia.com/advisories/26967
- http://secunia.com/advisories/27351
- http://security.gentoo.org/glsa/glsa-200705-19.xml
- http://securityreason.com/securityalert/2672
FAQ
What is CVE-2007-2509?
CVE-2007-2509 is a vulnerability with a CVSS score of 2.6 (LOW). CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earli...
How severe is CVE-2007-2509?
CVE-2007-2509 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2509?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.