Public Date:

The MITRE CVE dictionary describes this issue as:

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\\r\\n\\t\\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.

Find out more about CVE-2007-1718 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 3 (php) RHSA-2007:0155 2007-04-16
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (php) RHSA-2007:0162 2007-04-16
Red Hat Enterprise Linux 4 (php) RHSA-2007:0155 2007-04-16
Red Hat Enterprise Linux 5 (php) RHSA-2007:0153 2007-04-20

Last Modified

CVE description copyright © 2017, The MITRE Corporation


Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.