Vulnerability Details : CVE-2007-1900
CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.
Threat overview for CVE-2007-1900
Top countries where our scanners detected CVE-2007-1900
Top open port discovered on systems with this issue
80
IPs affected by CVE-2007-1900 2,823
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2007-1900!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2007-1900
Probability of exploitation activity in the next 30 days: 0.60%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-1900
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
Vendor statements for CVE-2007-1900
-
Red Hat 2007-04-16Not vulnerable. The filter extension was not shipped in the versions of PHP supplied for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
-
http://security.gentoo.org/glsa/glsa-200705-19.xml
PHP: Multiple vulnerabilities (GLSA 200705-19) — Gentoo security
- http://www.novell.com/linux/security/advisories/2007_32_php.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
- http://www.vupen.com/english/advisories/2007/2016
-
http://www.trustix.org/errata/2007/0023/
Trustix | Empowering Trust and Security in the Digital Age
-
http://www.securityfocus.com/bid/23359
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/33510
- http://www.php.net/releases/5_2_3.php
- http://www.ubuntu.com/usn/usn-455-1
-
http://www.vupen.com/english/advisories/2007/3386
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
- http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
-
http://www.php-security.org/MOPB/PMOPB-45-2007.html
Vendor Advisory
- http://www.debian.org/security/2007/dsa-1283
- cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*