CVE-2002-1783
Published 2002-12-31
Priority: P426 | medium | 5 | CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 16.74% (96.6th percentile)
CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2002-09/0086.html
http://archives.neohapsis.com/archives/bugtraq/2002-09/0132.html
http://www.debian.org/security/2002/dsa-168
http://www.securityfocus.com/bid/5681
https://exchange.xforce.ibmcloud.com/vulnerabilities/10080
Published: 2002-12-31