History: Mar 09, 2015 - 5:59 p.m.

CVE-2015-2206

2015-03-09 17:59:10
CWE-200
web.nvd.nist.gov
cve-2015-2206
phpmyadmin
language value
csrf
http compression
breach attack
remote attackers

CVSS2: 5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score: 6.4
Confidence: Low

EPSS: 0.007
Percentile: 80.5%

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

Affected configurations

NVD

Node: fedoraproject fedora, matching any of (OR):
20, 21, 22

Node: phpmyadmin phpmyadmin, matching any of (OR):
4.0.0, 4.0.0rc2, 4.0.0rc3, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4.1, 4.0.4.2, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.10.1, 4.0.10.2, 4.0.10.3, 4.0.10.4, 4.0.10.5, 4.0.10.6, 4.0.10.7, 4.0.10.8
4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.7.1, 4.2.8, 4.2.8.1, 4.2.9, 4.2.9.1, 4.2.10, 4.2.10.1, 4.2.11, 4.2.12, 4.2.13, 4.2.13.1
4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11

Vendor          Product   Version   CPE
fedoraproject   fedora    22        cpe:/o:fedoraproject:fedora:22:::
fedoraproject   fedora    21        cpe:/o:fedoraproject:fedora:21:::
fedoraproject   fedora    20        cpe:/o:fedoraproject:fedora:20:::
