CVE-2007-1717
CVE-2007-1717
The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/29784unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://docs.info.apple.com/article.html?artnum=306172http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.htmlhttp://secunia.com/advisories/25056http://secunia.com/advisories/25445http://secunia.com/advisories/26235http://security.gentoo.org/glsa/glsa-200705-19.xmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/33518http://us2.php.net/releases/4_4_7.phphttp://us2.php.net/releases/5_2_2.phphttp://www.novell.com/linux/security/advisories/2007_32_php.htmlhttp://www.php-security.org/MOPB/MOPB-33-2007.htmlhttp://www.securityfocus.com/bid/23146