PMASA-2007-1

Announcement-ID: PMASA-2007-1

Date: 2007-01-16

Summary

HTTP Response Splitting vulnerability

Description

On systems running PHP 5 before 5.1.2 or PHP 4 before 4.4.2, it is possible to trigger this vulnerability by editing the cookie containing PHP's session id. This can be used to send malicious javascript or redirects.

Severity

We consider this vulnerability to be serious.

Affected Versions

Probably all versions to 2.9.1.1.

Solution

Upgrade to phpMyAdmin 2.9.2 or newer.

References

http://www.securityfocus.com/archive/1/453432

Assigned CVE ids: CVE-2006-6374

CWE ids: CWE-661 CWE-113

Patches

The following commits have been made to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

Announcements