phpMyAdmin HTTP Response Splitting Vulnerability Date: Wednesday, November 16, 2005 @ 09:24:13 CST Topic: Security TITLE: phpMyAdmin HTTP Response Splitting Vulnerability SECUNIA ADVISORY ID: SA17578 VERIFY ADVISORY: http://secunia.com/advisories/17578/ CRITICAL: Less critical IMPACT: Exposure of system information, Cross Site Scripting WHERE: >From remote SOFTWARE: phpMyAdmin 2.x http://secunia.com/product/1720/ phpMyAdmin 1.x http://secunia.com/product/1719/ DESCRIPTION: Toni Koivunen has reported a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct HTTP response splitting attacks. Some input passed to "libraries/header_http.inc.php" isn't properly sanitised before being returned to the user. This can be exploited to include arbitrary HTTP headers in a response sent to the user. Successful exploitation requires that "register_globals" is enabled. It is also possible to disclose the full path to certain scripts by accessing them directly. The vulnerability has been reported in versions prior to 2.6.4-pl4 and in version 2.7.0-beta1. SOLUTION: Update to version 2.6.4-pl4. http://www.phpmyadmin.net/home_page/downloads.php PROVIDED AND/OR DISCOVERED BY: Toni Koivunen ORIGINAL ADVISORY: Toni Koivunen: http://www.fitsec.com/advisories/FS-05-02.txt phpMyAdmin: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=1712