Lucene search

PhpMyAdminPHPMYADMIN:PMASA-2006-9

HistoryNov 17, 2006 - 12:00 a.m.

Bad IP Allow/Deny checking

2006-11-1700:00:00

www.phpmyadmin.net

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.013

Percentile

85.7%

JSON

PMASA-2006-9

Announcement-ID: PMASA-2006-9

Date: 2006-11-17

Summary

Bad IP Allow/Deny checking

Description

We received a security advisory from Christian Schmidt, Peytz & Co. and we wish to thank him for his work. It was possible to get around IP-based Allow/Deny checking by faking proxy headers.

Severity

We consider this vulnerability to be serious.

Affected Versions

Probably all versions to 2.9.1.

Solution

Upgrade to phpMyAdmin 2.9.1.1 or newer.

References

Assigned CVE ids: CVE-2006-6944

CWE ids: CWE-661 CWE-264

Patches

The following commits have been made to fix this issue:

663eb2b85ed30c1226c5d617bb06c5afe1d3caf5

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.013

Percentile

85.7%

JSON

Related for PHPMYADMIN:PMASA-2006-9