tags 404744 moreinfo
thanks

Hi,

On Thu, 2006-12-28 at 00:07 +0100, Stefan Fritsch wrote:
> Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow
> remote attackers to inject arbitrary HTTP headers and conduct HTTP
> response splitting attacks via CRLF sequences in a phpMyAdmin cookie
> in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4)
> left.php, (5) libraries/session.inc.php, (6)
> libraries/transformations/overview.php, (7) querywindow.php, (8)
> server_engines.php, and possibly other files.
>
> See
> http://xforce.iss.net/xforce/xfdb/30703

Thanks, but I'm not convinced that this is actually a bug. The original report talks about using the cookie editor to change values of a cookie. Right, what exactly is wrong with that? It's also only tested against 2.7.0 which is quite an old version.

I've asked upstream about this, maybe they can shed some light on this. In absence of more information, I'm inclined to treat this as a non-bug.

Thijs

