PHP.Function.CRLF.Injection
Description
It indicates an attacker attempted to exploit a Email Composition CRLF Injection Vulnerability in PHP. Certain versions of PHP contain a CRLF Injection Vulnerability when allow_url_ open is enabled. This bug allows attackers to modify HTTP headers for outbound requests by injecting CRLF sequences into the arguments to the fopen and file methods.
Affected Products
PHP 4.2.1 through 4.2.3
Impact
Allows remote attackers to modify HTTP headers for outgoing requests.
Recommended Actions
Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |