CVE-2007-1717
published 2007-03-28
CVE-2007-1717: The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow…
Priority P4 · 21 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 4.65% (90.6th percentile)
The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.
Affected
52 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:P/A:N
vendor_redhat · 5.0 MEDIUM
GHSA
GHSA-jq2w-7pmj-9wpw: The mail function in PHP 4
ghsa_unreviewed · 2022-05-01
Red Hat
CVE-2007-1717: The mail function in PHP 4
vendor_redhat · CVSS 5.0
Statement: This issue has no security impact.
No detection rules found.
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/25056
http://secunia.com/advisories/25445
http://secunia.com/advisories/26235
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://us2.php.net/releases/4_4_7.php
http://us2.php.net/releases/5_2_2.php
http://www.novell.com/linux/security/advisories/2007_32_php.html
http://www.php-security.org/MOPB/MOPB-33-2007.html
http://www.securityfocus.com/bid/23146
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732
https://exchange.xforce.ibmcloud.com/vulnerabilities/33518
Published: 2007-03-28