NVD脆弱性詳細

CVE-2007-2509

概要	CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
概要	Vulnerabilidad de inyección de retornos de carro y saltos de línea en la función ftp_putcmd de PHP versiones anteriores a 4.4.7, y 5.x anteriores a 5.2.2 permite a atacantes remotos inyectar comandos FTP de su elección mediante secuencias de retornos de carro y saltos de línea en los parámetros de los susodichos comandos FTP.
公表日	2007年5月9日9:19
登録日	2021年1月29日14:12
最終更新日	2026年4月23日9:35

CVSS2.0 : LOW
スコア	2.6
ベクター	AV:N/AC:H/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:php:php:4.0.0:::::::*
cpe:2.3:a:php:php:4.0.1:::::::*
cpe:2.3:a:php:php:4.0.1:patch1::::::
cpe:2.3:a:php:php:4.0.1:patch2::::::
cpe:2.3:a:php:php:4.0.2:::::::*
cpe:2.3:a:php:php:4.0.3:::::::*
cpe:2.3:a:php:php:4.0.3:patch1::::::
cpe:2.3:a:php:php:4.0.4:::::::*
cpe:2.3:a:php:php:4.0.4:patch1::::::
cpe:2.3:a:php:php:4.0.5:::::::*
cpe:2.3:a:php:php:4.0.6:::::::*
cpe:2.3:a:php:php:4.0.7:::::::*
cpe:2.3:a:php:php:4.0.7:rc1::::::
cpe:2.3:a:php:php:4.0.7:rc2::::::
cpe:2.3:a:php:php:4.0.7:rc3::::::
cpe:2.3:a:php:php:4.1.0:::::::*
cpe:2.3:a:php:php:4.1.1:::::::*
cpe:2.3:a:php:php:4.1.2:::::::*
cpe:2.3:a:php:php:4.2.0:::::::*
cpe:2.3:a:php:php:4.2.1:::::::*
cpe:2.3:a:php:php:4.2.2:::::::*
cpe:2.3:a:php:php:4.2.3:::::::*
cpe:2.3:a:php:php:4.3.0:::::::*
cpe:2.3:a:php:php:4.3.1:::::::*
cpe:2.3:a:php:php:4.3.2:::::::*
cpe:2.3:a:php:php:4.3.3:::::::*
cpe:2.3:a:php:php:4.3.4:::::::*
cpe:2.3:a:php:php:4.3.5:::::::*
cpe:2.3:a:php:php:4.3.6:::::::*
cpe:2.3:a:php:php:4.3.7:::::::*
cpe:2.3:a:php:php:4.3.8:::::::*
cpe:2.3:a:php:php:4.3.9:::::::*
cpe:2.3:a:php:php:4.3.10:::::::*
cpe:2.3:a:php:php:4.3.11:::::::*
cpe:2.3:a:php:php:4.4.0:::::::*
cpe:2.3:a:php:php:4.4.1:::::::*
cpe:2.3:a:php:php:4.4.2:::::::*
cpe:2.3:a:php:php:4.4.3:::::::*
cpe:2.3:a:php:php:4.4.4:::::::*
cpe:2.3:a:php:php:4.4.5:::::::*
cpe:2.3:a:php:php:4.4.6:::::::*
cpe:2.3:a:php:php:5.0:rc1::::::
cpe:2.3:a:php:php:5.0:rc2::::::
cpe:2.3:a:php:php:5.0:rc3::::::
cpe:2.3:a:php:php:5.0.0:::::::*
cpe:2.3:a:php:php:5.0.1:::::::*
cpe:2.3:a:php:php:5.0.2:::::::*
cpe:2.3:a:php:php:5.0.3:::::::*
cpe:2.3:a:php:php:5.0.4:::::::*
cpe:2.3:a:php:php:5.0.5:::::::*
cpe:2.3:a:php:php:5.1.0:::::::*
cpe:2.3:a:php:php:5.1.1:::::::*
cpe:2.3:a:php:php:5.1.2:::::::*
cpe:2.3:a:php:php:5.1.3:::::::*
cpe:2.3:a:php:php:5.1.4:::::::*
cpe:2.3:a:php:php:5.1.5:::::::*
cpe:2.3:a:php:php:5.1.6:::::::*
cpe:2.3:a:php:php:5.2.0:::::::*
cpe:2.3:a:php:php:5.2.1:::::::*

関連情報、対策とツール

No	URL	refsource
1	http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html	cve@mitre.org
2	http://rhn.redhat.com/errata/RHSA-2007-0889.html	cve@mitre.org
3	http://secunia.com/advisories/25187	cve@mitre.org
4	http://secunia.com/advisories/25191	cve@mitre.org
5	http://secunia.com/advisories/25255	cve@mitre.org
6	http://secunia.com/advisories/25318	cve@mitre.org
7	http://secunia.com/advisories/25365	cve@mitre.org
8	http://secunia.com/advisories/25372	cve@mitre.org
9	http://secunia.com/advisories/25445	cve@mitre.org
10	http://secunia.com/advisories/25660	cve@mitre.org
11	http://secunia.com/advisories/26048	cve@mitre.org
12	http://secunia.com/advisories/26967	cve@mitre.org
13	http://secunia.com/advisories/27351	cve@mitre.org
14	http://security.gentoo.org/glsa/glsa-200705-19.xml	cve@mitre.org
15	http://securityreason.com/securityalert/2672	cve@mitre.org
16	http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm	cve@mitre.org
17	http://us2.php.net/releases/4_4_7.php	cve@mitre.org
18	http://us2.php.net/releases/5_2_2.php	cve@mitre.org
19	http://www.debian.org/security/2007/dsa-1295	cve@mitre.org
20	http://www.debian.org/security/2007/dsa-1296	cve@mitre.org
21	http://www.mandriva.com/security/advisories?name=MDKSA-2007:102	cve@mitre.org
22	http://www.mandriva.com/security/advisories?name=MDKSA-2007:103	cve@mitre.org
23	http://www.redhat.com/support/errata/RHSA-2007-0349.html	cve@mitre.org
24	http://www.redhat.com/support/errata/RHSA-2007-0355.html	cve@mitre.org
25	http://www.redhat.com/support/errata/RHSA-2007-0888.html	cve@mitre.org
26	http://www.securityfocus.com/archive/1/463596/100/0/threaded	cve@mitre.org
27	http://www.securityfocus.com/bid/23813	cve@mitre.org
28	http://www.securityfocus.com/bid/23818	cve@mitre.org
29	http://www.securitytracker.com/id?1018022	cve@mitre.org
30	http://www.trustix.org/errata/2007/0017/	cve@mitre.org
31	http://www.ubuntu.com/usn/usn-462-1	cve@mitre.org
32	http://www.vupen.com/english/advisories/2007/2187	cve@mitre.org
33	https://exchange.xforce.ibmcloud.com/vulnerabilities/34413	cve@mitre.org
34	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10839	cve@mitre.org
35	https://rhn.redhat.com/errata/RHSA-2007-0348.html	cve@mitre.org
36	http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html	af854a3a-2127-422b-91ae-364da2661108
37	http://rhn.redhat.com/errata/RHSA-2007-0889.html	af854a3a-2127-422b-91ae-364da2661108
38	http://secunia.com/advisories/25187	af854a3a-2127-422b-91ae-364da2661108
39	http://secunia.com/advisories/25191	af854a3a-2127-422b-91ae-364da2661108
40	http://secunia.com/advisories/25255	af854a3a-2127-422b-91ae-364da2661108
41	http://secunia.com/advisories/25318	af854a3a-2127-422b-91ae-364da2661108
42	http://secunia.com/advisories/25365	af854a3a-2127-422b-91ae-364da2661108
43	http://secunia.com/advisories/25372	af854a3a-2127-422b-91ae-364da2661108
44	http://secunia.com/advisories/25445	af854a3a-2127-422b-91ae-364da2661108
45	http://secunia.com/advisories/25660	af854a3a-2127-422b-91ae-364da2661108
46	http://secunia.com/advisories/26048	af854a3a-2127-422b-91ae-364da2661108
47	http://secunia.com/advisories/26967	af854a3a-2127-422b-91ae-364da2661108
48	http://secunia.com/advisories/27351	af854a3a-2127-422b-91ae-364da2661108
49	http://security.gentoo.org/glsa/glsa-200705-19.xml	af854a3a-2127-422b-91ae-364da2661108
50	http://securityreason.com/securityalert/2672	af854a3a-2127-422b-91ae-364da2661108
51	http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm	af854a3a-2127-422b-91ae-364da2661108
52	http://us2.php.net/releases/4_4_7.php	af854a3a-2127-422b-91ae-364da2661108
53	http://us2.php.net/releases/5_2_2.php	af854a3a-2127-422b-91ae-364da2661108
54	http://www.debian.org/security/2007/dsa-1295	af854a3a-2127-422b-91ae-364da2661108
55	http://www.debian.org/security/2007/dsa-1296	af854a3a-2127-422b-91ae-364da2661108
56	http://www.mandriva.com/security/advisories?name=MDKSA-2007:102	af854a3a-2127-422b-91ae-364da2661108
57	http://www.mandriva.com/security/advisories?name=MDKSA-2007:103	af854a3a-2127-422b-91ae-364da2661108
58	http://www.redhat.com/support/errata/RHSA-2007-0349.html	af854a3a-2127-422b-91ae-364da2661108
59	http://www.redhat.com/support/errata/RHSA-2007-0355.html	af854a3a-2127-422b-91ae-364da2661108
60	http://www.redhat.com/support/errata/RHSA-2007-0888.html	af854a3a-2127-422b-91ae-364da2661108
61	http://www.securityfocus.com/archive/1/463596/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
62	http://www.securityfocus.com/bid/23813	af854a3a-2127-422b-91ae-364da2661108
63	http://www.securityfocus.com/bid/23818	af854a3a-2127-422b-91ae-364da2661108
64	http://www.securitytracker.com/id?1018022	af854a3a-2127-422b-91ae-364da2661108
65	http://www.trustix.org/errata/2007/0017/	af854a3a-2127-422b-91ae-364da2661108
66	http://www.ubuntu.com/usn/usn-462-1	af854a3a-2127-422b-91ae-364da2661108
67	http://www.vupen.com/english/advisories/2007/2187	af854a3a-2127-422b-91ae-364da2661108
68	https://exchange.xforce.ibmcloud.com/vulnerabilities/34413	af854a3a-2127-422b-91ae-364da2661108
69	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10839	af854a3a-2127-422b-91ae-364da2661108
70	https://rhn.redhat.com/errata/RHSA-2007-0348.html	af854a3a-2127-422b-91ae-364da2661108

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

構成1	以上	以下	より上	未満
cpe:2.3:a:php:php:4.0.0:::::::*
cpe:2.3:a:php:php:4.0.1:::::::*
cpe:2.3:a:php:php:4.0.1:patch1::::::
cpe:2.3:a:php:php:4.0.1:patch2::::::
cpe:2.3:a:php:php:4.0.2:::::::*
cpe:2.3:a:php:php:4.0.3:::::::*
cpe:2.3:a:php:php:4.0.3:patch1::::::
cpe:2.3:a:php:php:4.0.4:::::::*
cpe:2.3:a:php:php:4.0.4:patch1::::::
cpe:2.3:a:php:php:4.0.5:::::::*
cpe:2.3:a:php:php:4.0.6:::::::*
cpe:2.3:a:php:php:4.0.7:::::::*
cpe:2.3:a:php:php:4.0.7:rc1::::::
cpe:2.3:a:php:php:4.0.7:rc2::::::
cpe:2.3:a:php:php:4.0.7:rc3::::::
cpe:2.3:a:php:php:4.1.0:::::::*
cpe:2.3:a:php:php:4.1.1:::::::*
cpe:2.3:a:php:php:4.1.2:::::::*
cpe:2.3:a:php:php:4.2.0:::::::*
cpe:2.3:a:php:php:4.2.1:::::::*
cpe:2.3:a:php:php:4.2.2:::::::*
cpe:2.3:a:php:php:4.2.3:::::::*
cpe:2.3:a:php:php:4.3.0:::::::*
cpe:2.3:a:php:php:4.3.1:::::::*
cpe:2.3:a:php:php:4.3.2:::::::*
cpe:2.3:a:php:php:4.3.3:::::::*
cpe:2.3:a:php:php:4.3.4:::::::*
cpe:2.3:a:php:php:4.3.5:::::::*
cpe:2.3:a:php:php:4.3.6:::::::*
cpe:2.3:a:php:php:4.3.7:::::::*
cpe:2.3:a:php:php:4.3.8:::::::*
cpe:2.3:a:php:php:4.3.9:::::::*
cpe:2.3:a:php:php:4.3.10:::::::*
cpe:2.3:a:php:php:4.3.11:::::::*
cpe:2.3:a:php:php:4.4.0:::::::*
cpe:2.3:a:php:php:4.4.1:::::::*
cpe:2.3:a:php:php:4.4.2:::::::*
cpe:2.3:a:php:php:4.4.3:::::::*
cpe:2.3:a:php:php:4.4.4:::::::*
cpe:2.3:a:php:php:4.4.5:::::::*
cpe:2.3:a:php:php:4.4.6:::::::*
cpe:2.3:a:php:php:5.0:rc1::::::
cpe:2.3:a:php:php:5.0:rc2::::::
cpe:2.3:a:php:php:5.0:rc3::::::
cpe:2.3:a:php:php:5.0.0:::::::*
cpe:2.3:a:php:php:5.0.1:::::::*
cpe:2.3:a:php:php:5.0.2:::::::*
cpe:2.3:a:php:php:5.0.3:::::::*
cpe:2.3:a:php:php:5.0.4:::::::*
cpe:2.3:a:php:php:5.0.5:::::::*
cpe:2.3:a:php:php:5.1.0:::::::*
cpe:2.3:a:php:php:5.1.1:::::::*
cpe:2.3:a:php:php:5.1.2:::::::*
cpe:2.3:a:php:php:5.1.3:::::::*
cpe:2.3:a:php:php:5.1.4:::::::*
cpe:2.3:a:php:php:5.1.5:::::::*
cpe:2.3:a:php:php:5.1.6:::::::*
cpe:2.3:a:php:php:5.2.0:::::::*
cpe:2.3:a:php:php:5.2.1:::::::*