CVE-2004-0129
CVSS5.0
发布时间 :2004-03-03 00:00:00
修订时间 :2016-10-17 22:41:04
NMCOE    

[原文]Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.


[CNNVD]phpMyAdmin export.php文件泄露漏洞(CNNVD-200403-023)

        
        phpMyAdmin是一个免费工具,为管理MySQL提供了一个WWW管理接口。
        phpMyAdmin包含的'export.php'脚本对用户提交参数缺少充分过滤,远程攻击者可以利用这个漏洞进行目录遍历攻击。
        phpMyAdmin包含的'export.php'脚本对用户提交给'what'的参数缺少充分过滤,远程攻击者提交包含多个'../'字符的数据,可绕过WEB ROOT限制,以WEB权限查看系统上的任意文件信息。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:phpmyadmin:phpmyadmin:2.2.5
cpe:/a:phpmyadmin:phpmyadmin:2.5.2
cpe:/a:phpmyadmin:phpmyadmin:2.2.4
cpe:/a:phpmyadmin:phpmyadmin:2.5.1
cpe:/a:phpmyadmin:phpmyadmin:2.5.4
cpe:/a:phpmyadmin:phpmyadmin:2.2.6
cpe:/a:phpmyadmin:phpmyadmin:2.5.5_rc2
cpe:/a:phpmyadmin:phpmyadmin:2.5.5_rc1
cpe:/a:phpmyadmin:phpmyadmin:2.5.5_pl1
cpe:/a:phpmyadmin:phpmyadmin:2.0.1
cpe:/a:phpmyadmin:phpmyadmin:2.0.3
cpe:/a:phpmyadmin:phpmyadmin:2.1.2
cpe:/a:phpmyadmin:phpmyadmin:2.0.2
cpe:/a:phpmyadmin:phpmyadmin:2.1.1
cpe:/a:phpmyadmin:phpmyadmin:2.0.5
cpe:/a:phpmyadmin:phpmyadmin:2.2.3
cpe:/a:phpmyadmin:phpmyadmin:2.3.2
cpe:/a:phpmyadmin:phpmyadmin:2.5.0
cpe:/a:phpmyadmin:phpmyadmin:2.0.4
cpe:/a:phpmyadmin:phpmyadmin:2.2.2
cpe:/a:phpmyadmin:phpmyadmin:2.3.1
cpe:/a:phpmyadmin:phpmyadmin:2.4.0
cpe:/a:phpmyadmin:phpmyadmin:2.2_rc2
cpe:/a:phpmyadmin:phpmyadmin:2.2_rc3
cpe:/a:phpmyadmin:phpmyadmin:2.1
cpe:/a:phpmyadmin:phpmyadmin:2.0
cpe:/a:phpmyadmin:phpmyadmin:2.2_rc1
cpe:/a:phpmyadmin:phpmyadmin:2.5.5
cpe:/a:phpmyadmin:phpmyadmin:2.2_pre1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0129
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0129
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200403-023
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=107582619125932&w=2
(UNKNOWN)  BUGTRAQ  20040203 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior
http://security.gentoo.org/glsa/glsa-200402-05.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200402-05
http://sourceforge.net/forum/forum.php?forum_id=350228
(UNKNOWN)  CONFIRM  http://sourceforge.net/forum/forum.php?forum_id=350228
http://www.phpmyadmin.net/home_page/relnotes.php?rel=0
(UNKNOWN)  CONFIRM  http://www.phpmyadmin.net/home_page/relnotes.php?rel=0
http://www.securityfocus.com/bid/9564
(VENDOR_ADVISORY)  BID  9564
http://xforce.iss.net/xforce/xfdb/15021
(UNKNOWN)  XF  phpmyadmin-dotdot-directory-traversal(15021)

- 漏洞信息

phpMyAdmin export.php文件泄露漏洞
中危 未知
2004-03-03 00:00:00 2005-05-13 00:00:00
远程  
        
        phpMyAdmin是一个免费工具,为管理MySQL提供了一个WWW管理接口。
        phpMyAdmin包含的'export.php'脚本对用户提交参数缺少充分过滤,远程攻击者可以利用这个漏洞进行目录遍历攻击。
        phpMyAdmin包含的'export.php'脚本对用户提交给'what'的参数缺少充分过滤,远程攻击者提交包含多个'../'字符的数据,可绕过WEB ROOT限制,以WEB权限查看系统上的任意文件信息。
        

- 公告与补丁

        厂商补丁:
        phpMyAdmin
        ----------
        下载使用phpMyAdmin 2.5.6-rc1:
        
        http://www.phpmyadmin.net/home_page/relnotes.php?rel=0

- 漏洞信息 (23640)

phpMyAdmin 2.x Export.PHP File Disclosure Vulnerability (EDBID:23640)
php webapps
2004-02-03 Verified
0 Cedric Cochin
N/A [点击下载]
source: http://www.securityfocus.com/bid/9564/info

phpMyAdmin is prone to a vulnerability that may permit remote attackers to gain access to files that are readable by the hosting web server. The issue is reported to exist in the 'export.php' script and may be exploited by providing directory traversal sequences as an argument for a specific URI parameter. 

http://www.example.com/[phpMyAdmin_directory]/export.php?what=../../../../../../etc/passwd%00 		

- 漏洞信息

3800
phpMyAdmin export.php what Parameter Traversal Arbitrary File Access
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Vendor Verified

- 漏洞描述

phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because export.php fails to validate user input to the "what" variable, which will disclose server file information resulting in a loss of confidentiality.

- 时间线

2004-02-03 2004-02-03
2004-02-03 Unknow

- 解决方案

Upgrade to version 2.5.6-rc1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站