Lucene search

MitreCVE-2010-4699

HistoryJan 18, 2011 - 8:00 p.m.

CVE-2010-4699

2011-01-1820:00:10

CWE-189

mitre

web.nvd.nist.gov

cve-2010-4699

php

iconv

spam

security vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

9.5

Confidence

High

EPSS

0.006

Percentile

78.5%

JSON

The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.

Affected configurations

Nvd

Node

phpphpRange≤5.3.3

phpphpMatch1.0

phpphpMatch2.0

phpphpMatch2.0b10

phpphpMatch3.0

phpphpMatch3.0.1

phpphpMatch3.0.2

phpphpMatch3.0.3

phpphpMatch3.0.4

phpphpMatch3.0.5

phpphpMatch3.0.6

phpphpMatch3.0.7

phpphpMatch3.0.8

phpphpMatch3.0.9

phpphpMatch3.0.10

phpphpMatch3.0.11

phpphpMatch3.0.12

phpphpMatch3.0.13

phpphpMatch3.0.14

phpphpMatch3.0.15

phpphpMatch3.0.16

phpphpMatch3.0.17

phpphpMatch3.0.18

phpphpMatch4.0

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

phpphpMatch4.4.3

phpphpMatch4.4.4

phpphpMatch4.4.5

phpphpMatch4.4.6

phpphpMatch4.4.7

phpphpMatch4.4.8

phpphpMatch4.4.9

phpphpMatch5.0.0

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta3

phpphpMatch5.0.0beta4

phpphpMatch5.0.0rc1

phpphpMatch5.0.0rc2

phpphpMatch5.0.0rc3

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

phpphpMatch5.2.1

phpphpMatch5.2.2

phpphpMatch5.2.3

phpphpMatch5.2.4

phpphpMatch5.2.4windows

phpphpMatch5.2.5

phpphpMatch5.2.6

phpphpMatch5.2.7

phpphpMatch5.2.8

phpphpMatch5.2.9

phpphpMatch5.2.10

phpphpMatch5.2.11

phpphpMatch5.2.12

phpphpMatch5.2.13

phpphpMatch5.2.14

phpphpMatch5.2.15

phpphpMatch5.2.16

phpphpMatch5.2.17

phpphpMatch5.3.0

phpphpMatch5.3.1

phpphpMatch5.3.2

VendorProductVersionCPE
phpphp4.4.9cpe:/a:php:php:4.4.9:::
phpphp3.0.17cpe:/a:php:php:3.0.17:::
phpphp5.2.14cpe:/a:php:php:5.2.14:::
phpphp4.0cpe:/a:php:php:4.0:beta1::
phpphp4.3.7cpe:/a:php:php:4.3.7:::
phpphp5.0.1cpe:/a:php:php:5.0.1:::
phpphp4.4.3cpe:/a:php:php:4.4.3:::
phpphp3.0.12cpe:/a:php:php:3.0.12:::
phpphp5.1.6cpe:/a:php:php:5.1.6:::
phpphp4.4.5cpe:/a:php:php:4.4.5:::

Vendor	Product	Version	CPE
php	php	4.4.9	cpe:/a:php:php:4.4.9:::
php	php	3.0.17	cpe:/a:php:php:3.0.17:::
php	php	5.2.14	cpe:/a:php:php:5.2.14:::
php	php	4.0	cpe:/a:php:php:4.0:beta1::
php	php	4.3.7	cpe:/a:php:php:4.3.7:::
php	php	5.0.1	cpe:/a:php:php:5.0.1:::
php	php	4.4.3	cpe:/a:php:php:4.4.3:::
php	php	3.0.12	cpe:/a:php:php:3.0.12:::
php	php	5.1.6	cpe:/a:php:php:5.1.6:::
php	php	4.4.5	cpe:/a:php:php:4.4.5:::