SB2008090502 - Multiple vulnerabilities in PHP

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2008090502

SB2008090502 - Multiple vulnerabilities in PHP

Published: September 5, 2008 Updated: June 8, 2025

Security Bulletin ID SB2008090502
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2002-2214)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header.


2) Improper Neutralization of Argument Delimiters in a Command (CVE-ID: CVE-2002-0985)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.


3) Input validation error (CVE-ID: CVE-2002-0717)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed.


Remediation

Install update from vendor's website.

References