Lucene search

K
freebsdFreeBSD81B4C118-C586-11E4-8495-6805CA0B3D42
HistoryMar 04, 2015 - 12:00 a.m.

phpMyAdmin -- Risk of BREACH attack due to reflected parameter

2015-03-0400:00:00
vuxml.freebsd.org
25

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.007

Percentile

80.5%

The phpMyAdmin development team reports:

Risk of BREACH attack due to reflected parameter.
With a large number of crafted requests it was possible to infer
the CSRF token by a BREACH attack.
Mitigation factor: this vulnerability can only be exploited in
the presence of another vulnerability that allows the attacker to
inject JavaScript into victim’s browser.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchphpmyadmin=Β 4.3.0UNKNOWN
FreeBSDanynoarchphpmyadmin<Β 4.3.11.1UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.007

Percentile

80.5%