Bringing MySQL to the web

PMASA-2005-6

Announcement-ID: PMASA-2005-6

Date: 2005-11-15

Summary

HTTP Response Splitting vulnerability

Description

Some scripts in phpMyAdmin are vulnerable to an HTTP Response Splitting attack.

Severity

We consider these vulnerabilities to be serious. However, they can only be triggered on systems running with <tt>register_globals = on</tt>.

Affected Versions

We did not make an extensive verification on this. Probably all previous versions, and version 2.7.0-beta1 are affected.

Solution

Upgrade to phpMyAdmin 2.6.4-pl4.

References

Assigned CVE ids: CVE-2005-3621

CWE ids: CWE-661 CWE-113

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.