Web application abuses : phpMyAdmin BLOB Streaming Multiple Input Validation Vulnerabilities

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.100078

Category: Web application abuses

Title: phpMyAdmin BLOB Streaming Multiple Input Validation Vulnerabilities

Summary: phpMyAdmin is prone to multiple input-validation vulnerabilities,; including an HTTP response-splitting vulnerability and a local file-include vulnerability.

Description: Summary:
phpMyAdmin is prone to multiple input-validation vulnerabilities,
including an HTTP response-splitting vulnerability and a local file-include vulnerability.

Vulnerability Impact:
These issues can be leveraged to view or execute arbitrary local
scripts, or misrepresent how web content is served, cached, or interpreted. This could aid in
various attacks that try to entice client users into a false sense of trust. Other attacks are also
possible.

Affected Software/OS:
Versions prior to phpMyAdmin 3.1.3.1 are vulnerable.

Solution:
Update to version 3.1.3.1 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-1148
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303
http://secunia.com/advisories/34468
http://secunia.com/advisories/34642
SuSE Security Announcement: SUSE-SR:2009:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
Common Vulnerability Exposure (CVE) ID: CVE-2009-1149

Copyright Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.100078
Category:	Web application abuses
Title:	phpMyAdmin BLOB Streaming Multiple Input Validation Vulnerabilities
Summary:	phpMyAdmin is prone to multiple input-validation vulnerabilities,; including an HTTP response-splitting vulnerability and a local file-include vulnerability.
Description:	Summary: phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTTP response-splitting vulnerability and a local file-include vulnerability. Vulnerability Impact: These issues can be leveraged to view or execute arbitrary local scripts, or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust. Other attacks are also possible. Affected Software/OS: Versions prior to phpMyAdmin 3.1.3.1 are vulnerable. Solution: Update to version 3.1.3.1 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1148 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303 http://secunia.com/advisories/34468 http://secunia.com/advisories/34642 SuSE Security Announcement: SUSE-SR:2009:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2009-1149
Copyright	Copyright (C) 2009 Greenbone AG