CVE-2004-1055
CVSS6.8
发布时间 :2005-03-01 00:00:00
修订时间 :2008-09-10 15:28:52
NMCOS    

[原文]Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.


[CNNVD]PHPMyAdmin 多个跨站脚本攻击(XSS)漏洞(CNNVD-200503-012)

        phpMyAdmin 2.6.0-pl2及更早版本中存在多个跨站脚本攻击(XSS)漏洞,远程攻击者可以通过(1) PmaAbsoluteUri参数、(2) read_dump.php中的zero_rows参数、(3) confirm表格或(4) 内部phpMyAdmin解析器生成的出错信息注入任意web脚本或HTML。

- CVSS (基础分值)

CVSS分值: 6.8 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:phpmyadmin:phpmyadmin:2.5.7
cpe:/o:gentoo:linux:1.4:rc1Gentoo Linux 1.4 rc1
cpe:/a:phpmyadmin:phpmyadmin:2.5.4
cpe:/a:phpmyadmin:phpmyadmin:2.6.0_pl1
cpe:/a:phpmyadmin:phpmyadmin:2.5.0
cpe:/a:phpmyadmin:phpmyadmin:2.5.5_rc2
cpe:/o:gentoo:linux:1.4:rc2Gentoo Linux 1.4 rc2
cpe:/a:phpmyadmin:phpmyadmin:2.5.5
cpe:/a:phpmyadmin:phpmyadmin:2.5.1
cpe:/a:phpmyadmin:phpmyadmin:2.6.0_pl2
cpe:/o:gentoo:linux:1.4:rc3Gentoo Linux 1.4 rc3
cpe:/a:phpmyadmin:phpmyadmin:2.5.7_pl1
cpe:/a:phpmyadmin:phpmyadmin:2.5.5_pl1
cpe:/a:phpmyadmin:phpmyadmin:2.5.2
cpe:/o:gentoo:linux:1.4Gentoo Linux 1.4
cpe:/a:phpmyadmin:phpmyadmin:2.5.5_rc1
cpe:/a:phpmyadmin:phpmyadmin:2.5.6_rc1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1055
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1055
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200503-012
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/18158
(UNKNOWN)  XF  phpmyadmin-multiple-xss(18158)
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-3
(UNKNOWN)  CONFIRM  http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-3
http://www.netvigilance.com/html/advisory0005.htm
(VENDOR_ADVISORY)  MISC  http://www.netvigilance.com/html/advisory0005.htm

- 漏洞信息

PHPMyAdmin 多个跨站脚本攻击(XSS)漏洞
中危 跨站脚本
2005-03-01 00:00:00 2007-01-02 00:00:00
远程  
        phpMyAdmin 2.6.0-pl2及更早版本中存在多个跨站脚本攻击(XSS)漏洞,远程攻击者可以通过(1) PmaAbsoluteUri参数、(2) read_dump.php中的zero_rows参数、(3) confirm表格或(4) 内部phpMyAdmin解析器生成的出错信息注入任意web脚本或HTML。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        phpMyAdmin phpMyAdmin 2.5 .0
        phpMyAdmin phpMyAdmin 2.6.0-pl3
        http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
        phpMyAdmin phpMyAdmin 2.5.1
        phpMyAdmin phpMyAdmin 2.6.0-pl3
        http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
        phpMyAdmin phpMyAdmin 2.5.2
        phpMyAdmin phpMyAdmin 2.6.0-pl3
        http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
        SuSE phpMyAdmin-2.5.3-34.noarch.rpm
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/noarch/phpMyAdmin-2.
        5.3-34.noarch.rpm
        phpMyAdmin phpMyAdmin 2.5.4
        phpMyAdmin phpMyAdmin 2.6.0-pl3
        http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
        phpMyAdmin phpMyAdmin 2.5.5 -rc2
        phpMyAdmin phpMyAdmin 2.6.0-pl3
        http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
        phpMyAdmin phpMyAdmin 2.5.5
        phpMyAdmin phpMyAdmin 2.6.0-pl3
        http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
        phpMyAdmin phpMyAdmin 2.5.5 -rc1
        phpMyAdmin phpMyAdmin 2.6.0-pl3
        http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
        phpMyAdmin phpMyAdmin 2.5.5 pl1
        phpMyAdmin phpMyAdmin 2.6.0-pl3
        http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
        phpMyAdmin phpMyAdmin 2.5.6 -rc1
        phpMyAdmin phpMyAdmin 2.6.0-pl3
        http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
        SuSE phpMyAdmin-2.5.6-34.4.noarch.rpm
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/noarch/phpMyAdmin-2.5.6-34.4.noarch.rpm
        phpMyAdmin phpMyAdmin 2.5.7
        phpMyAdmin phpMyAdmin 2.6.0-pl3
        http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
        phpMyAdmin phpMyAdmin 2.5.7 pl1
        phpMyAdmin phpMyAdmin 2.6.0-pl3
        http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
        phpMyAdmin phpMyAdmin 2.6 .0pl1
        phpMyAdmin phpMyAdmin 2.6.0-pl3
        http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
        SuSE phpMyAdmin-2.6.0-4.4.noarch.rpm
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/noarch/phpMyAdmin-2.6.0-4.4.noarch.rpm
        phpMyAdmin phpMyAdmin 2.6 .0pl2
        phpMyAdmin phpMyAdmin 2.6.0-pl3
        http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download

- 漏洞信息

11930
phpMyAdmin config.inc.php PmaAbsoluteUri Parameter XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

phpMyAdmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'PmaAbsoluteUri' variables upon submission to the 'config.inc.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- 时间线

2004-11-18 Unknow
2004-11-18 Unknow

- 解决方案

Upgrade to version 2.6.0-pl3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

PHPMyAdmin Multiple Remote Cross-Site Scripting Vulnerabilities
Input Validation Error 11707
Yes No
2004-11-19 12:00:00 2009-07-12 08:06:00
Discovery of this issue is credited to Cedric Cochin.

- 受影响的程序版本

S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
phpMyAdmin phpMyAdmin 2.6 .0pl2
+ Gentoo Linux 1.4
+ Gentoo Linux
+ Gentoo Linux
+ Gentoo Linux
phpMyAdmin phpMyAdmin 2.6 .0pl1
phpMyAdmin phpMyAdmin 2.5.7 pl1
phpMyAdmin phpMyAdmin 2.5.7
phpMyAdmin phpMyAdmin 2.5.6 -rc1
phpMyAdmin phpMyAdmin 2.5.5 pl1
phpMyAdmin phpMyAdmin 2.5.5 -rc2
phpMyAdmin phpMyAdmin 2.5.5 -rc1
phpMyAdmin phpMyAdmin 2.5.5
phpMyAdmin phpMyAdmin 2.5.4
phpMyAdmin phpMyAdmin 2.5.2
phpMyAdmin phpMyAdmin 2.5.1
phpMyAdmin phpMyAdmin 2.5 .0
Gentoo Linux 1.4 _rc3
Gentoo Linux 1.4 _rc2
Gentoo Linux 1.4 _rc1
Gentoo Linux 1.4
phpMyAdmin phpMyAdmin 2.6 .0pl3

- 不受影响的程序版本

phpMyAdmin phpMyAdmin 2.6 .0pl3

- 漏洞讨论

Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to perform proper sanitization prior to including user-supplied input in dynamically generated content.

An attacker may leverage these issues to execute arbitrary client side script code in the browser of an unsuspecting user. This may potentially lead to theft of cookie-based authentication credentials as well as other attacks.

- 漏洞利用

No exploit is required to leverage these issues.

- 解决方案

The vendor has released an upgrade providing a solution to these issues.

Gentoo has issued an advisory (GLSA 200411-36) and fixes for Gentoo Linux systems:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.0_p3"

SuSE Linux has released a security summary report (SUSE-SR:2005:003) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.


phpMyAdmin phpMyAdmin 2.5 .0

phpMyAdmin phpMyAdmin 2.5.1

phpMyAdmin phpMyAdmin 2.5.2

phpMyAdmin phpMyAdmin 2.5.4

phpMyAdmin phpMyAdmin 2.5.5 -rc2

phpMyAdmin phpMyAdmin 2.5.5

phpMyAdmin phpMyAdmin 2.5.5 -rc1

phpMyAdmin phpMyAdmin 2.5.5 pl1

phpMyAdmin phpMyAdmin 2.5.6 -rc1

phpMyAdmin phpMyAdmin 2.5.7

phpMyAdmin phpMyAdmin 2.5.7 pl1

phpMyAdmin phpMyAdmin 2.6 .0pl1

phpMyAdmin phpMyAdmin 2.6 .0pl2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站