CVE-2005-3621

Description

CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.

How to fix CVE-2005-3621

To remediate CVE-2005-3621, upgrade the affected package to a fixed version below.

• Debian/phpmyadmin—upgrade to 4:2.6.4-pl4-1 or later
• Debian/phpmyadmin—upgrade to 4:2.6.2-3sarge2 or later
• Packagist/phpmyadmin/phpmyadmin—upgrade to 2.6.4-pl4 or later

Is CVE-2005-3621 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

• from 0, < 4:2.6.4-pl4-1
• from 0, < 4:2.6.2-3sarge2
• from 0, < 2.6.4-pl4

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2005-3621
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2005-3621
• WEBweb.archive.org/web/20060514052317/http://securitytracker.com/alerts/2005/Nov/1015213.html
• WEBweb.archive.org/web/20061015000000*/http://www.novell.com/linux/security/advisories/2005_28_sr.html