phpMyAdmin HTTP Response Splitting Vulnerability

Posted on Wednesday, November 16, 2005 @ 09:24:13 CST in Security
by Raven

qfk writes:  
TITLE: phpMyAdmin HTTP Response Splitting Vulnerability
SECUNIA ADVISORY ID: SA17578
VERIFY ADVISORY: http://secunia.com/advisories/17578/
CRITICAL: Less critical
IMPACT: Exposure of system information, Cross Site Scripting
WHERE: From remote
SOFTWARE: phpMyAdmin 2.x
http://secunia.com/product/1720/
phpMyAdmin 1.x
http://secunia.com/product/1719/

DESCRIPTION: Toni Koivunen has reported a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct HTTP response splitting attacks. Some input passed to "libraries/header_http.inc.php" isn't properly sanitised before being returned to the user. This can be exploited to include arbitrary HTTP headers in a response sent to the user. Successful exploitation requires that "register_globals" is enabled. It is also possible to disclose the full path to certain scripts by accessing them directly. The vulnerability has been reported in versions prior to 2.6.4-pl4 and in version 2.7.0-beta1.

SOLUTION: Update to version 2.6.4-pl4.
http://www.phpmyadmin.net/home_page/downloads.php
PROVIDED AND/OR DISCOVERED BY: Toni Koivunen
ORIGINAL ADVISORY: Toni Koivunen: http://www.fitsec.com/advisories/FS-05-02.txt
phpMyAdmin: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6
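
As an added example (not part of the advisory or of phpMyAdmin's code), the following Python code scans web-server access logs for the two request patterns the advisory describes: direct requests to include files under `libraries/`, and CR/LF sequences, including double-encoded ones, in request parameters. The log lines, the `/phpmyadmin/` install path and the parameter name `p` are constructed placeholders; the advisory does not name the affected input.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (not from any real server). The parameter name
# "p" and the /phpmyadmin/ prefix are placeholders, not taken from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Nov/2005:09:24:13 -0600] "GET /phpmyadmin/index.php?db=test HTTP/1.1" 200 5120',
    '192.0.2.44 - - [16/Nov/2005:09:25:01 -0600] "GET /phpmyadmin/libraries/header_http.inc.php?p=a%0d%0aX-Test:%201 HTTP/1.1" 200 0',
    '192.0.2.44 - - [16/Nov/2005:09:25:07 -0600] "GET /phpmyadmin/libraries/header_http.inc.php?p=a%250d%250aX-Test:%201 HTTP/1.1" 200 0',
    '192.0.2.51 - - [16/Nov/2005:09:26:30 -0600] "GET /phpmyadmin/libraries/header_http.inc.php HTTP/1.1" 200 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded CR/LF is exposed too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the set of findings for one access-log line."""
    findings = set()
    match = REQUEST_RE.search(line)
    if not match:
        return findings
    target = urlsplit(match.group(1))
    # Include files are never meant to be requested directly by a browser.
    if "/libraries/" in target.path and target.path.endswith(".inc.php"):
        findings.add("direct-include-access")
    # Work on the raw query string so every layer of encoding is inspected.
    for pair in filter(None, target.query.split("&")):
        if re.search(r"[\r\n]", fully_decode(pair)):
            findings.add("crlf-in-parameter")
    return findings

def scan(lines):
    """Return (line index, sorted findings) for every line with a finding."""
    return [(i, sorted(f)) for i, line in enumerate(lines) if (f := classify(line))]
```

On the constructed sample, `scan(SAMPLE_LOG)` flags lines 1 and 2 for both findings and line 3 for direct include access only.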

Re: phpMyAdmin HTTP Response Splitting Vulnerability (Score: 1)
by VinDSL on Thursday, November 17, 2005 @ 03:11:49 CST

http://www.Lenon.com

Heh! Yet another reason to turn off your globals... :)
