PT-2002-2505 · Php · Php

Published: 2002-12-31 · Updated: 2017-07-11 · CVE-2002-1783

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHP versions 4.2.1 through 4.2.3

Description

The issue allows remote attackers to modify HTTP headers for outgoing requests by injecting CRLF sequences into arguments passed to the (1) fopen or (2) file functions when allow_url_fopen is enabled.

Recommendations

For PHP versions 4.2.1 through 4.2.3, consider disabling the allow_url_fopen option as a temporary workaround to minimize the risk of exploitation.
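
A pre-flight check an application could run before handing a caller-supplied URL to fopen() or file(), complementing the allow_url_fopen workaround. This is an added example, not part of the original advisory or of PHP itself; the helper name check_remote_url and all sample URLs are hypothetical and constructed.

```php
<?php
// Added example: validate a URL before it reaches fopen()/file().
// check_remote_url() is a hypothetical helper name, not a PHP built-in.

function check_remote_url($url)
{
    // Reject raw control characters (CR, LF, NUL, TAB, ...) and DEL.
    // CR/LF in the argument is what lets extra header lines into the
    // outgoing request on affected versions.
    if (preg_match('/[\x00-\x1f\x7f]/', $url)) {
        return 'rejected: control character in URL';
    }
    // Also reject percent-encoded CR/LF, in case a later layer decodes them.
    if (preg_match('/%0[ad]/i', $url)) {
        return 'rejected: encoded CR/LF in URL';
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme']) || !isset($parts['host'])) {
        return 'rejected: not an absolute URL';
    }
    // Assumption: the application only needs to fetch over HTTP(S).
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'))) {
        return 'rejected: scheme not allowed';
    }
    return 'ok';
}

// Constructed sample inputs.
$samples = array(
    'http://example.com/feed.xml',
    "http://example.com/a\r\nX-Constructed: 1",
    'http://example.com/a%0d%0aX-Constructed:%201',
    'ftp://example.com/file.txt',
    '/var/www/data/local.txt',
);

// With the workaround from the advisory applied, this reports "off".
$value = strtolower((string) ini_get('allow_url_fopen'));
$enabled = in_array($value, array('1', 'on', 'true', 'yes'));
echo 'allow_url_fopen: ', ($enabled ? 'on' : 'off'), "\n";

foreach ($samples as $url) {
    // addcslashes() makes control characters visible in the output.
    echo check_remote_url($url), '  <-  ', addcslashes($url, "\0..\37"), "\n";
}
```

Only the first sample returns ok; the check belongs at the point where external input becomes a fopen() or file() argument.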


Related Identifiers

CVE-2002-1783

Affected Products

Php