PHPMyAdmin Multiple HTTP Response Splitting Vulnerabilities

Bugtraq ID:	21421
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 04 2006 12:00AM
Updated:	Dec 04 2006 09:54PM
Credit:	ajann is credited with the discovery of this vulnerability.
Vulnerable:	phpMyAdmin phpMyAdmin 2.7.0-pl2
Not Vulnerable:

PHPMyAdmin Multiple HTTP Response Splitting Vulnerabilities

phpMyAdmin is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

Version 2.7.0-pl2 is vulnerable to these issues; other versions may also be affected.

PHPMyAdmin Multiple HTTP Response Splitting Vulnerabilities

Attackers can exploit this issue via a web client.

PHPMyAdmin Multiple HTTP Response Splitting Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

PHPMyAdmin Multiple HTTP Response Splitting Vulnerabilities

References:

• Vendor Home Page (phpMyAdmin)
  
• PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting ([email protected])