phpMyAdmin HTTP Response Splitting and File Inclusion Vulnerabilities


Description   Two vulnerabilities have been identified in phpMyAdmin, which could be exploited by attackers to disclose sensitive information or bypass security restrictions. These issues are caused by input validation errors in the BLOB streaming feature, which could allow arbitrary file inclusion and HTTP header inject attacks.
     
Vulnerable Products   Vulnerable Software:
phpMyAdmin verisons prior to 3.1.3.1
     
Solution   Upgrade to phpMyAdmin verison 3.1.3.1 : http://www.phpmyadmin.net/home_page/downloads.php
     
CVE   CVE-2009-1149
CVE-2009-1148
     
References   http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Misc : Directory traversal - parameter starting with ../
3.2.0
PHP : Remote file inclusion prevention : suspicious root_path parameter found in URL
3.2.0
Directory traversal using ..\..
3.2.0
HTTP Response Splitting : suspicious Content-Length in URL
3.2.0
Directory traversal
3.2.0
HTTP Response Splitting : suspicious HTTP/1.x in URL
3.2.0
PHP : Remote file inclusion prevention : URL found as parameter
3.2.0
HTTP Response Splitting : suspicious Set-Cookie in URL
3.2.0
Directory traversal backward root folder
3.2.0
HTTP Response Splitting : suspicious Content-Type in URL
3.5.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2009-03-25 

 Target Type 
Server 

 Possible exploit 
Local & Remote