DebianDEBIAN:DLA-1311-1:7B9D8[SECURITY] [DLA 1311-1] adminer security update
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
80.0%
Package : adminer
Version : 3.3.3-1+deb7u1
CVE ID : CVE-2018-7667
Debian Bug : #893668
It was discovered that there was a server-side request forgery exploit in
adminer, a web-based database administration tool.
Adminer allowed unauthenticated connections to be initiated to arbitrary
systems and ports which could bypass external firewalls to identify
internal hosts or perform port scanning of other servers.
For Debian 7 "Wheezy", this issue has been fixed in adminer version
3.3.3-1+deb7u1.
We recommend that you upgrade your adminer packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | all | adminer | < 3.3.3-1+deb7u1 | adminer_3.3.3-1+deb7u1_all.deb |
| Debian | 8 | all | adminer | < 3.3.3-1+deb8u1 | adminer_3.3.3-1+deb8u1_all.deb |
| Debian | 9 | all | adminer | < 4.2.5-3+deb9u1 | adminer_4.2.5-3+deb9u1_all.deb |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
80.0%