Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2009-1149
Last Modified: 16 Apr 2009 01:38:31
Published: 26 Mar 2009 10:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-1149

Summary

CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.

Vulnerable Systems

Application

  • phpMyAdmin 3.1.0
  • phpMyAdmin 3.1.0.0
  • phpMyAdmin 3.1.1
  • phpMyAdmin 3.1.2
  • phpMyAdmin 3.1.3


References

CONFIRM - http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php

MISC - http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303

SECUNIA - 34642

SECUNIA - 34468

SUSE - SUSE-SR:2009:008


Last Updated: 27 May 2016 10:50:28