CVE-2002-0986
First published: Tue Sep 24 2002(Updated: )
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP | =4.2.0 | |
| PHP | =4.1.0 | |
| PHP | =4.0.4 | |
| PHP | =4.0.5 | |
| PHP | =4.2.2 | |
| PHP | =4.0.3-patch1 | |
| PHP | =4.0.7 | |
| PHP | =4.0.2 | |
| PHP | =4.1.1 | |
| PHP | =4.0.1-patch1 | |
| PHP | =4.0 | |
| PHP | =4.0.1-patch2 | |
| PHP | =4.0.6 | |
| PHP | =4.1.2 | |
| PHP | =3.0.18 | |
| PHP | =4.2.1 | |
| PHP | =4.0.1 | |
| PHP | =4.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545
- http://marc.info/?l=bugtraq&m=103011916928204&w=2
- http://marc.info/?l=bugtraq&m=105760591228031&w=2
- http://www.debian.org/security/2002/dsa-168
- http://www.kb.cert.org/vuls/id/410609
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082
- http://www.novell.com/linux/security/advisories/2002_036_modphp4.html
- http://www.osvdb.org/2160
- http://www.redhat.com/support/errata/RHSA-2002-213.html
- http://www.redhat.com/support/errata/RHSA-2002-214.html
- http://www.redhat.com/support/errata/RHSA-2002-243.html
- http://www.redhat.com/support/errata/RHSA-2002-244.html
- http://www.redhat.com/support/errata/RHSA-2002-248.html
- http://www.redhat.com/support/errata/RHSA-2003-159.html
- http://www.securityfocus.com/bid/5562
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9959
Frequently Asked Questions
What is the severity of CVE-2002-0986?
CVE-2002-0986 is classified as a moderate severity vulnerability.
How do I fix CVE-2002-0986?
To mitigate CVE-2002-0986, upgrade your PHP version to 4.2.3 or later, which addresses the issue.
What are the affected PHP versions for CVE-2002-0986?
CVE-2002-0986 affects PHP versions from 4.0.1 to 4.2.2.
Can CVE-2002-0986 be exploited remotely?
Yes, CVE-2002-0986 can be exploited by remote attackers to manipulate email content.
What type of attacks can CVE-2002-0986 facilitate?
CVE-2002-0986 can allow attackers to use PHP as a spam proxy by injecting control characters in email headers.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/php
- canonical/php
- version/php/4.2.0
- version/php/4.1.0
- version/php/4.0.4
- version/php/4.0.5
- version/php/4.2.2
- version/php/4.0.3-patch1
- version/php/4.0.7
- version/php/4.0.2
- version/php/4.1.1
- version/php/4.0.1-patch1
- version/php/4.0
- version/php/4.0.1-patch2
- version/php/4.0.6
- version/php/4.1.2
- version/php/3.0.18
- version/php/4.2.1
- version/php/4.0.1
- version/php/4.0.3