phpMyAdmin HTTP Response Splitting Vulnerability - Website Hosting - VPS Hosting - Domain Registration Ireland :: Blacknight

pkelly · #1 (**permalink**) 16-11-05, 04:18 PM

Description:
Toni Koivunen has reported a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct HTTP response splitting attacks.

Some input passed to "libraries/header_http.inc.php" isn't properly sanitised before being returned to the user. This can be exploited to include arbitrary HTTP headers in a response sent to the user.

Successful exploitation requires that "register_globals" is enabled.

It is also possible to disclose the full path to certain scripts by accessing them directly.

The vulnerability has been reported in versions prior to 2.6.4-pl4 and in version 2.7.0-beta1.

Solution:
Update to version 2.6.4-pl4.
http://www.phpmyadmin.net/home_page/downloads.php

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
phpMyAdmin Cross-Site Request Forgery Vulnerability	pkelly	Security Notices	0	20-12-05 08:07 AM