Lucene search
MitreCVE-2016-9848HistoryDec 11, 2016 - 2:59 a.m.
CVE-2016-9848
2016-12-1102:59:45
CWE-200
mitre
web.nvd.nist.gov
55
phpmyadmin
cve-2016-9848
security
httponly cookies
phpinfo
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
50.1%
An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
Affected configurations
Node
phpmyadminphpmyadminMatch4.4.0
ORphpmyadminphpmyadminMatch4.4.1
ORphpmyadminphpmyadminMatch4.4.1.1
ORphpmyadminphpmyadminMatch4.4.2
ORphpmyadminphpmyadminMatch4.4.3
ORphpmyadminphpmyadminMatch4.4.4
ORphpmyadminphpmyadminMatch4.4.5
ORphpmyadminphpmyadminMatch4.4.6
ORphpmyadminphpmyadminMatch4.4.6.1
ORphpmyadminphpmyadminMatch4.4.7
ORphpmyadminphpmyadminMatch4.4.8
ORphpmyadminphpmyadminMatch4.4.9
ORphpmyadminphpmyadminMatch4.4.10
ORphpmyadminphpmyadminMatch4.4.11
ORphpmyadminphpmyadminMatch4.4.12
ORphpmyadminphpmyadminMatch4.4.13
ORphpmyadminphpmyadminMatch4.4.13.1
ORphpmyadminphpmyadminMatch4.4.14
ORphpmyadminphpmyadminMatch4.4.14.1
ORphpmyadminphpmyadminMatch4.4.15
ORphpmyadminphpmyadminMatch4.4.15.1
ORphpmyadminphpmyadminMatch4.4.15.2
ORphpmyadminphpmyadminMatch4.4.15.3
ORphpmyadminphpmyadminMatch4.4.15.4
ORphpmyadminphpmyadminMatch4.4.15.5
ORphpmyadminphpmyadminMatch4.4.15.6
ORphpmyadminphpmyadminMatch4.4.15.7
ORphpmyadminphpmyadminMatch4.4.15.8
Node
phpmyadminphpmyadminMatch4.6.0
ORphpmyadminphpmyadminMatch4.6.1
ORphpmyadminphpmyadminMatch4.6.2
ORphpmyadminphpmyadminMatch4.6.3
ORphpmyadminphpmyadminMatch4.6.4
Node
phpmyadminphpmyadminMatch4.0.0
ORphpmyadminphpmyadminMatch4.0.1
ORphpmyadminphpmyadminMatch4.0.2
ORphpmyadminphpmyadminMatch4.0.3
ORphpmyadminphpmyadminMatch4.0.4
ORphpmyadminphpmyadminMatch4.0.4.1
ORphpmyadminphpmyadminMatch4.0.4.2
ORphpmyadminphpmyadminMatch4.0.5
ORphpmyadminphpmyadminMatch4.0.6
ORphpmyadminphpmyadminMatch4.0.7
ORphpmyadminphpmyadminMatch4.0.8
ORphpmyadminphpmyadminMatch4.0.9
ORphpmyadminphpmyadminMatch4.0.10
ORphpmyadminphpmyadminMatch4.0.10.1
ORphpmyadminphpmyadminMatch4.0.10.2
ORphpmyadminphpmyadminMatch4.0.10.3
ORphpmyadminphpmyadminMatch4.0.10.4
ORphpmyadminphpmyadminMatch4.0.10.5
ORphpmyadminphpmyadminMatch4.0.10.6
ORphpmyadminphpmyadminMatch4.0.10.7
ORphpmyadminphpmyadminMatch4.0.10.8
ORphpmyadminphpmyadminMatch4.0.10.9
ORphpmyadminphpmyadminMatch4.0.10.10
ORphpmyadminphpmyadminMatch4.0.10.11
ORphpmyadminphpmyadminMatch4.0.10.12
ORphpmyadminphpmyadminMatch4.0.10.13
ORphpmyadminphpmyadminMatch4.0.10.14
ORphpmyadminphpmyadminMatch4.0.10.15
ORphpmyadminphpmyadminMatch4.0.10.16
ORphpmyadminphpmyadminMatch4.0.10.17
| Vendor | Product | Version | CPE |
|---|---|---|---|
| phpmyadmin | phpmyadmin | 4.4.0 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.4.1 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.4.1.1 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.4.2 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.4.3 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.4.4 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.4.5 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.4.6 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.4.6.1 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.4.7 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:* |
Related
debiancve
debiancve
CVE-2016-9848
2016-12-11 02:59:45
phpmyadmin
phpmyadmin
phpinfo information leak value of sensitive (HttpOnly) cookies
2016-11-25 00:00:00
prion
prion
Design/Logic Flaw
2016-12-11 02:59:00
Design/Logic Flaw
2017-05-07 08:29:00
alpinelinux
alpinelinux
CVE-2016-9848
2016-12-11 02:59:45
cvelist
cvelist
CVE-2016-9848
2016-12-11 02:00:00
ubuntucve
ubuntucve
CVE-2016-9848
2016-12-11 00:00:00
nvd
nvd
CVE-2016-9848
2016-12-11 02:59:45
CVE-2016-1000361
2017-05-07 08:29:00
cve
cve
CVE-2016-1000361
2017-05-07 08:29:00
openvas
openvas
phpMyAdmin Multiple Security Vulnerabilities - 04 (Dec 2016) - Windows
2017-04-10 00:00:00
phpMyAdmin Multiple Security Vulnerabilities - 04 (Dec 2016) - Linux
2017-04-10 00:00:00
Mageia: Security Advisory (MGASA-2016-0416)
2022-01-28 00:00:00
mageia
mageia
Updated phpmyadmin packages fix security vulnerability
2016-12-09 11:42:46
nessus
nessus
phpMyAdmin 4.0.x < 4.0.10.18 / 4.4.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Vulnerabilities
2020-12-07 00:00:00
GLSA-201701-32 : phpMyAdmin: Multiple vulnerabilities
2017-01-12 00:00:00
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2017-01-11 00:00:00
osv
osv
phpMyAdmin-4.6.5.2-1.1 on GA media
2024-06-15 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
50.1%
Related for CVE-2016-9848