Lucene search

[email protected]NVD:CVE-2006-6374

HistoryDec 07, 2006 - 5:28 p.m.

CVE-2006-6374

2006-12-0717:28:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.009

Percentile

82.7%

JSON

Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch2.7.0_pl2

VendorProductVersionCPE
phpmyadminphpmyadmin2.7.0_pl2cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_pl2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	2.7.0_pl2	cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_pl2:::::::*

References

securityreason.com/securityalert/1993

www.securityfocus.com/archive/1/453432/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/30703

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.009

Percentile

82.7%

JSON

Related for NVD:CVE-2006-6374

cvelist1 ubuntucve1 phpmyadmin2 cve1 debiancve1