phpMyAdmin

• PMASA-2010-3
• PMASA-2010-2
• PMASA-2010-1
• PMASA-2009-6
• PMASA-2009-5
• PMASA-2009-4
• PMASA-2009-3
• PMASA-2009-2
• PMASA-2009-1
• PMASA-2008-10
• PMASA-2008-9
• PMASA-2008-8
• PMASA-2008-7
• PMASA-2008-6
• PMASA-2008-5
• PMASA-2008-4
• PMASA-2008-3
• PMASA-2008-2
• PMASA-2008-1
• PMASA-2007-8
• PMASA-2007-7
• PMASA-2007-6
• PMASA-2007-5
• PMASA-2007-4
• PMASA-2007-3
• PMASA-2007-2
• PMASA-2007-1
• PMASA-2006-9
• PMASA-2006-8
• PMASA-2006-7
• PMASA-2006-6
• PMASA-2006-5
• PMASA-2006-4
• PMASA-2006-3
• PMASA-2006-2
• PMASA-2006-1
• PMASA-2005-9
• PMASA-2005-8
• PMASA-2005-7
• PMASA-2005-6
• PMASA-2005-5
• PMASA-2005-4
• PMASA-2005-3
• PMASA-2005-2
• PMASA-2005-1
• PMASA-2004-4
• PMASA-2004-3
• PMASA-2004-2
• PMASA-2004-1
• PMASA-2003-1

PMASA-2007-1

Announcement-ID: PMASA-2007-1

Date: 2007-01-16

Summary

HTTP Response Splitting vulnerability

Description

On systems running PHP 5 before 5.1.2 or PHP 4 before 4.4.2, it is possible to trigger this vulnerability by editing the cookie containing PHP's session id. This can be used to send malicious javascript or redirects.

Severity

We consider this vulnerability to be serious.

Affected Versions

Probably all versions to 2.9.1.1.

Solution

Upgrade to phpMyAdmin 2.9.2 or newer.

References

http://www.securityfocus.com/archive/1/453432

Assigned CVE ids: CVE-2006-6374

For further information and in case of questions, please contact the phpMyAdmin team. Our website is http://www.phpmyadmin.net.