Lucene search

MitreCVE-2006-6374

HistoryDec 07, 2006 - 5:28 p.m.

CVE-2006-6374

2006-12-0717:28:00

mitre

web.nvd.nist.gov

cve

2006

6374

crlf injection

vulnerabilities

phpmyadmin

http headers

remote attackers

http response splitting

security

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.009

Percentile

82.7%

JSON

Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch2.7.0_pl2

VendorProductVersionCPE
phpmyadminphpmyadmin2.7.0_pl2cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_pl2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	2.7.0_pl2	cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_pl2:::::::*

References

securityreason.com/securityalert/1993

www.securityfocus.com/archive/1/453432/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/30703

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.009

Percentile

82.7%

JSON

Related for CVE-2006-6374