{"id": "C6E31869-F99F-11E4-9F91-6805CA0B3D42", "bulletinFamily": "unix", "title": "phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities", "description": "\nThe phpMyAdmin development team reports:\n\nXSRF/CSRF vulnerability in phpMyAdmin setup.\nBy deceiving a user to click on a crafted URL, it is\n\t possible to alter the configuration file being generated\n\t with phpMyAdmin setup.\nThis vulnerability only affects the configuration file\n\t generation process and does not affect the effective\n\t configuration file. Moreover, the configuration file being\n\t generated is at risk only during the period when it's\n\t writable.\n\n\n Vulnerability allowing man-in-the-middle attack on API\n\t call to GitHub.\nA vulnerability in the API call to GitHub can be\n\t exploited to perform a man-in-the-middle attack.\nWe consider this vulnerability to be serious.\n\n", "published": "2015-05-13T00:00:00", "modified": "2015-05-13T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://vuxml.freebsd.org/freebsd/c6e31869-f99f-11e4-9f91-6805ca0b3d42.html", "reporter": "FreeBSD", "references": ["http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php", "http://www.phpmyadmin.net/home_page/security/PMASA-2015-2.php"], "cvelist": ["CVE-2015-3903", "CVE-2015-3902"], "type": "freebsd", "lastseen": "2019-05-29T18:33:16", "history": [{"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "phpMyAdmin", "packageVersion": "4.4.6.1"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "phpMyAdmin", "packageVersion": "4.4.0"}], "bulletinFamily": "unix", "cvelist": ["CVE-2015-3903", "CVE-2015-3902"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "\nThe phpMyAdmin development team reports:\n\nXSRF/CSRF vulnerability in phpMyAdmin setup.\nBy deceiving a user to click on a crafted URL, it is\n\t possible to alter the configuration file being generated\n\t with phpMyAdmin setup.\nThis vulnerability only affects the configuration file\n\t generation process and does not affect the effective\n\t configuration file. Moreover, the configuration file being\n\t generated is at risk only during the period when it's\n\t writable.\n\n\n Vulnerability allowing man-in-the-middle attack on API\n\t call to GitHub.\nA vulnerability in the API call to GitHub can be\n\t exploited to perform a man-in-the-middle attack.\nWe consider this vulnerability to be serious.\n\n", "edition": 1, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "3122057034e8b391cbf93fee6daf1fb3267c580fd4fabe44e8cd3ac100cf0e2f", "hashmap": [{"hash": "5d6a2d5810657ca6362f6dbd2e9dc511", "key": "modified"}, {"hash": "dc21f13fdb7ed755f61c2596d8e5ab5f", "key": "href"}, {"hash": "0159775336516e781c9c46186ff4b790", "key": "affectedPackage"}, {"hash": "5d6a2d5810657ca6362f6dbd2e9dc511", "key": "published"}, {"hash": "1aa04cac723b8aca8c9c8878be9cd16e", "key": "description"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "adbbf8821d832b024bbffc92a086af2e", "key": "title"}, {"hash": "962c40873717e7cd682ae6b0990e2c73", "key": "references"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "4445a34395f4b47977e2a5e24970677e", "key": "cvelist"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/c6e31869-f99f-11e4-9f91-6805ca0b3d42.html", "id": "C6E31869-F99F-11E4-9F91-6805CA0B3D42", "lastseen": "2016-09-26T17:24:19", "modified": "2015-05-13T00:00:00", "objectVersion": "1.2", "published": "2015-05-13T00:00:00", "references": ["http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php", "http://www.phpmyadmin.net/home_page/security/PMASA-2015-2.php"], "reporter": "FreeBSD", "title": "phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2016-09-26T17:24:19"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "phpMyAdmin", "packageVersion": "4.4.6.1"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "phpMyAdmin", "packageVersion": "4.4.0"}], "bulletinFamily": "unix", "cvelist": ["CVE-2015-3903", "CVE-2015-3902"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "\nThe phpMyAdmin development team reports:\n\nXSRF/CSRF vulnerability in phpMyAdmin setup.\nBy deceiving a user to click on a crafted URL, it is\n\t possible to alter the configuration file being generated\n\t with phpMyAdmin setup.\nThis vulnerability only affects the configuration file\n\t generation process and does not affect the effective\n\t configuration file. Moreover, the configuration file being\n\t generated is at risk only during the period when it's\n\t writable.\n\n\n Vulnerability allowing man-in-the-middle attack on API\n\t call to GitHub.\nA vulnerability in the API call to GitHub can be\n\t exploited to perform a man-in-the-middle attack.\nWe consider this vulnerability to be serious.\n\n", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "17114c2c5f19feba6df9ba54a5b0f7f82f60d3bb27e0c4991c121e83a262f9fe", "hashmap": [{"hash": "5d6a2d5810657ca6362f6dbd2e9dc511", "key": "modified"}, {"hash": "dc21f13fdb7ed755f61c2596d8e5ab5f", "key": "href"}, {"hash": "0159775336516e781c9c46186ff4b790", "key": "affectedPackage"}, {"hash": "5d6a2d5810657ca6362f6dbd2e9dc511", "key": "published"}, {"hash": "1aa04cac723b8aca8c9c8878be9cd16e", "key": "description"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "adbbf8821d832b024bbffc92a086af2e", "key": "title"}, {"hash": "962c40873717e7cd682ae6b0990e2c73", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "4445a34395f4b47977e2a5e24970677e", "key": "cvelist"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/c6e31869-f99f-11e4-9f91-6805ca0b3d42.html", "id": "C6E31869-F99F-11E4-9F91-6805CA0B3D42", "lastseen": "2018-08-30T19:14:30", "modified": "2015-05-13T00:00:00", "objectVersion": "1.3", "published": "2015-05-13T00:00:00", "references": ["http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php", "http://www.phpmyadmin.net/home_page/security/PMASA-2015-2.php"], "reporter": "FreeBSD", "title": "phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:14:30"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "phpMyAdmin", "packageVersion": "4.4.6.1"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "phpMyAdmin", "packageVersion": "4.4.0"}], "bulletinFamily": "unix", "cvelist": ["CVE-2015-3903", "CVE-2015-3902"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "\nThe phpMyAdmin development team reports:\n\nXSRF/CSRF vulnerability in phpMyAdmin setup.\nBy deceiving a user to click on a crafted URL, it is\n\t possible to alter the configuration file being generated\n\t with phpMyAdmin setup.\nThis vulnerability only affects the configuration file\n\t generation process and does not affect the effective\n\t configuration file. Moreover, the configuration file being\n\t generated is at risk only during the period when it's\n\t writable.\n\n\n Vulnerability allowing man-in-the-middle attack on API\n\t call to GitHub.\nA vulnerability in the API call to GitHub can be\n\t exploited to perform a man-in-the-middle attack.\nWe consider this vulnerability to be serious.\n\n", "edition": 3, "enchantments": {"dependencies": {"modified": "2018-08-31T01:14:41", "references": [{"idList": ["DEBIAN:DLA-336-1:24EC3", "DEBIAN:DSA-3382-1:A1C93"], "type": "debian"}, {"idList": ["FREEBSD_PKG_C6E31869F99F11E49F916805CA0B3D42.NASL", "PHPMYADMIN_PMASA_2015_3.NASL", "DEBIAN_DLA-336.NASL", "OPENSUSE-2015-466.NASL", "FEDORA_2015-8190.NASL", "FEDORA_2015-8274.NASL", "FEDORA_2015-8267.NASL", "DEBIAN_DSA-3382.NASL"], "type": "nessus"}, {"idList": ["PHPMYADMIN:PMASA-2015-2", "PHPMYADMIN:PMASA-2015-3"], "type": "phpmyadmin"}, {"idList": ["CVE-2015-3903", "CVE-2015-3902"], "type": "cve"}, {"idList": ["OPENVAS:703382", "OPENVAS:1361412562310869376", "OPENVAS:1361412562310805398", "OPENVAS:1361412562310869403", "OPENVAS:1361412562310703382", "OPENVAS:1361412562310869652"], "type": "openvas"}, {"idList": ["SECURITYVULNS:DOC:32132", "SECURITYVULNS:VULN:14499"], "type": "securityvulns"}]}, "score": {"value": 2.1, "vector": "NONE"}}, "hash": "3122057034e8b391cbf93fee6daf1fb3267c580fd4fabe44e8cd3ac100cf0e2f", "hashmap": [{"hash": "5d6a2d5810657ca6362f6dbd2e9dc511", "key": "modified"}, {"hash": "dc21f13fdb7ed755f61c2596d8e5ab5f", "key": "href"}, {"hash": "0159775336516e781c9c46186ff4b790", "key": "affectedPackage"}, {"hash": "5d6a2d5810657ca6362f6dbd2e9dc511", "key": "published"}, {"hash": "1aa04cac723b8aca8c9c8878be9cd16e", "key": "description"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "adbbf8821d832b024bbffc92a086af2e", "key": "title"}, {"hash": "962c40873717e7cd682ae6b0990e2c73", "key": "references"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "4445a34395f4b47977e2a5e24970677e", "key": "cvelist"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/c6e31869-f99f-11e4-9f91-6805ca0b3d42.html", "id": "C6E31869-F99F-11E4-9F91-6805CA0B3D42", "lastseen": "2018-08-31T01:14:41", "modified": "2015-05-13T00:00:00", "objectVersion": "1.3", "published": "2015-05-13T00:00:00", "references": ["http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php", "http://www.phpmyadmin.net/home_page/security/PMASA-2015-2.php"], "reporter": "FreeBSD", "title": "phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities", "type": "freebsd", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-31T01:14:41"}], "edition": 4, "hashmap": [{"key": "affectedPackage", "hash": "0159775336516e781c9c46186ff4b790"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "4445a34395f4b47977e2a5e24970677e"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "description", "hash": "1aa04cac723b8aca8c9c8878be9cd16e"}, {"key": "href", "hash": "dc21f13fdb7ed755f61c2596d8e5ab5f"}, {"key": "modified", "hash": "5d6a2d5810657ca6362f6dbd2e9dc511"}, {"key": "published", "hash": "5d6a2d5810657ca6362f6dbd2e9dc511"}, {"key": "references", "hash": "962c40873717e7cd682ae6b0990e2c73"}, {"key": "reporter", "hash": "a3dc630729e463135f4e608954fa6e19"}, {"key": "title", "hash": "adbbf8821d832b024bbffc92a086af2e"}, {"key": "type", "hash": "1527e888767cdce15d200b870b39cfd0"}], "hash": "6ceac39a63069de56ffea604fbb8823de18d6fcb435d84c1a0e2ace5b7eb2b10", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-3902", "CVE-2015-3903"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_C6E31869F99F11E49F916805CA0B3D42.NASL", "FEDORA_2015-8190.NASL", "FEDORA_2015-8267.NASL", "FEDORA_2015-8274.NASL", "PHPMYADMIN_PMASA_2015_3.NASL", "OPENSUSE-2015-466.NASL", "DEBIAN_DSA-3382.NASL", "DEBIAN_DLA-336.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310869376", "OPENVAS:1361412562310805398", "OPENVAS:1361412562310869403", "OPENVAS:1361412562310869652", "OPENVAS:703382", "OPENVAS:1361412562310703382"]}, {"type": "phpmyadmin", "idList": ["PHPMYADMIN:PMASA-2015-2", "PHPMYADMIN:PMASA-2015-3"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32132", "SECURITYVULNS:VULN:14499"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3382-1:A1C93", "DEBIAN:DLA-336-1:24EC3"]}], "modified": "2019-05-29T18:33:16"}, "score": {"value": 5.9, "vector": "NONE", "modified": "2019-05-29T18:33:16"}, "vulnersScore": 5.9}, "objectVersion": "1.3", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "phpMyAdmin", "packageVersion": "4.4.6.1"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "phpMyAdmin", "packageVersion": "4.4.0"}], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:14:42", "bulletinFamily": "NVD", "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file.", "modified": "2016-12-28T02:59:00", "id": "CVE-2015-3902", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3902", "published": "2015-05-26T15:59:00", "title": "CVE-2015-3902", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:14:42", "bulletinFamily": "NVD", "description": "libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.", "modified": "2018-10-09T19:56:00", "id": "CVE-2015-3903", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3903", "published": "2015-05-26T15:59:00", "title": "CVE-2015-3903", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-06-09T00:00:00", "id": "OPENVAS:1361412562310869403", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869403", "title": "Fedora Update for phpMyAdmin FEDORA-2015-8267", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2015-8267\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869403\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:52:38 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2015-3902\", \"CVE-2015-3903\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2015-8267\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"phpMyAdmin on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8267\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158084.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.4.6.1~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310869652", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869652", "title": "Fedora Update for phpMyAdmin FEDORA-2015-8190", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2015-8190\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869652\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:31:59 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-3902\", \"CVE-2015-3903\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2015-8190\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"phpMyAdmin on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8190\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158649.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.4.6.1~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:35", "bulletinFamily": "scanner", "description": "This host is installed with phpMyAdmin and\n is prone to multiple vulnerabilities.", "modified": "2018-10-19T00:00:00", "published": "2015-06-04T00:00:00", "id": "OPENVAS:1361412562310805398", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805398", "title": "phpMyAdmin Multiple Vulnerabilities -01 June15", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_vuln01_june15.nasl 2015-06-04 17:24:38 +0530 Jun$\n#\n# phpMyAdmin Multiple Vulnerabilities -01 June15\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805398\");\n script_version(\"$Revision: 11975 $\");\n script_cve_id(\"CVE-2015-3902\", \"CVE-2015-3903\");\n script_bugtraq_id(74660, 74657);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 08:54:12 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-04 17:24:38 +0530 (Thu, 04 Jun 2015)\");\n script_name(\"phpMyAdmin Multiple Vulnerabilities -01 June15\");\n\n script_tag(name:\"summary\", value:\"This host is installed with phpMyAdmin and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - 'libraries/Config.class.php' disables X.509 certificate verification\n for GitHub API calls over SSL\n\n - HTTP requests do not require multiple steps, explicit confirmation,\n or a unique token when performing certain sensitive actions.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue may allow\n attackers to obtain sensitive information by conducting a man-in-the-middle\n attack or by conducting a cross-site scripting attacks, Web cache poisoning, and\n other malicious activities.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin versions 4.0.x before 4.0.10.10,\n 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to phpMyAdmin 4.0.10.10, or 4.2.13.3\n or 4.3.13.1 or 4.4.6.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1032404\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2015-2.php\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!phpPort = get_app_port(cpe:CPE)) exit(0);\n\nif(!phpVer = get_app_version(cpe:CPE, port:phpPort)) exit(0);\n\nif (version_in_range(version:phpVer, test_version:\"4.0.0\", test_version2:\"4.0.10.9\"))\n{\n fix = \"4.0.10.10\";\n VULN = TRUE;\n}\nif (version_in_range(version:phpVer, test_version:\"4.2.0\", test_version2:\"4.2.13.2\"))\n{\n fix = \"4.2.13.3\";\n VULN = TRUE;\n}\nif (version_in_range(version:phpVer, test_version:\"4.3.0\", test_version2:\"4.3.13.0\"))\n{\n fix = \"4.3.13.1\";\n VULN = TRUE;\n}\nif (version_in_range(version:phpVer, test_version:\"4.4.0\", test_version2:\"4.4.6.0\"))\n{\n fix = \"4.4.6.1\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(port:phpPort, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:50", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-06-09T00:00:00", "id": "OPENVAS:1361412562310869376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869376", "title": "Fedora Update for phpMyAdmin FEDORA-2015-8274", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2015-8274\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869376\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:44:28 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2015-3902\", \"CVE-2015-3903\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2015-8274\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"phpMyAdmin on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8274\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158114.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.4.6.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:53:29", "bulletinFamily": "scanner", "description": "Several issues have been fixed\nin phpMyAdmin, the web administration tool for MySQL.\n\nCVE-2014-8958 (Wheezy only)\n\nMultiple cross-site scripting (XSS) vulnerabilities.\n\nCVE-2014-9218 (Wheezy only)\n\nDenial of service (resource consumption) via a long password.\n\nCVE-2015-2206 \nRisk of BREACH attack due to reflected parameter.\n\nCVE-2015-3902 \nXSRF/CSRF vulnerability in phpMyAdmin setup.\n\nCVE-2015-3903 (Jessie only)\n\nVulnerability allowing man-in-the-middle attack on API call to GitHub.\n\nCVE-2015-6830 (Jessie only)\n\nVulnerability that allows bypassing the reCaptcha test.\n\nCVE-2015-7873 (Jessie only)\n\nContent spoofing vulnerability when redirecting user to an\nexternal site.", "modified": "2017-07-07T00:00:00", "published": "2015-10-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703382", "id": "OPENVAS:703382", "title": "Debian Security Advisory DSA 3382-1 (phpmyadmin - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3382.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3382-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703382);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-8958\", \"CVE-2014-9218\", \"CVE-2015-2206\", \"CVE-2015-3902\",\n \"CVE-2015-3903\", \"CVE-2015-6830\", \"CVE-2015-7873\");\n script_name(\"Debian Security Advisory DSA 3382-1 (phpmyadmin - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-10-28 00:00:00 +0100 (Wed, 28 Oct 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3382.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"phpmyadmin on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package allows administering of MySQL with a web interface.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 4:3.4.11.1-2+deb7u2.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4:4.2.12-2+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4:4.5.1-1.\n\nWe recommend that you upgrade your phpmyadmin packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been fixed\nin phpMyAdmin, the web administration tool for MySQL.\n\nCVE-2014-8958 (Wheezy only)\n\nMultiple cross-site scripting (XSS) vulnerabilities.\n\nCVE-2014-9218 (Wheezy only)\n\nDenial of service (resource consumption) via a long password.\n\nCVE-2015-2206 \nRisk of BREACH attack due to reflected parameter.\n\nCVE-2015-3902 \nXSRF/CSRF vulnerability in phpMyAdmin setup.\n\nCVE-2015-3903 (Jessie only)\n\nVulnerability allowing man-in-the-middle attack on API call to GitHub.\n\nCVE-2015-6830 (Jessie only)\n\nVulnerability that allows bypassing the reCaptcha test.\n\nCVE-2015-7873 (Jessie only)\n\nContent spoofing vulnerability when redirecting user to an\nexternal site.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"phpmyadmin\", ver:\"4:3.4.11.1-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"phpmyadmin\", ver:\"4:4.2.12-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:57", "bulletinFamily": "scanner", "description": "Several issues have been fixed\nin phpMyAdmin, the web administration tool for MySQL.\n\nCVE-2014-8958 (Wheezy only)\n\nMultiple cross-site scripting (XSS) vulnerabilities.\n\nCVE-2014-9218 (Wheezy only)\n\nDenial of service (resource consumption) via a long password.\n\nCVE-2015-2206\nRisk of BREACH attack due to reflected parameter.\n\nCVE-2015-3902\nXSRF/CSRF vulnerability in phpMyAdmin setup.\n\nCVE-2015-3903 (Jessie only)\n\nVulnerability allowing man-in-the-middle attack on API call to GitHub.\n\nCVE-2015-6830 (Jessie only)\n\nVulnerability that allows bypassing the reCaptcha test.\n\nCVE-2015-7873 (Jessie only)\n\nContent spoofing vulnerability when redirecting user to an\nexternal site.", "modified": "2019-03-18T00:00:00", "published": "2015-10-28T00:00:00", "id": "OPENVAS:1361412562310703382", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703382", "title": "Debian Security Advisory DSA 3382-1 (phpmyadmin - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3382.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3382-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703382\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2014-8958\", \"CVE-2014-9218\", \"CVE-2015-2206\", \"CVE-2015-3902\",\n \"CVE-2015-3903\", \"CVE-2015-6830\", \"CVE-2015-7873\");\n script_name(\"Debian Security Advisory DSA 3382-1 (phpmyadmin - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-28 00:00:00 +0100 (Wed, 28 Oct 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3382.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"phpmyadmin on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 4:3.4.11.1-2+deb7u2.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4:4.2.12-2+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4:4.5.1-1.\n\nWe recommend that you upgrade your phpmyadmin packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been fixed\nin phpMyAdmin, the web administration tool for MySQL.\n\nCVE-2014-8958 (Wheezy only)\n\nMultiple cross-site scripting (XSS) vulnerabilities.\n\nCVE-2014-9218 (Wheezy only)\n\nDenial of service (resource consumption) via a long password.\n\nCVE-2015-2206\nRisk of BREACH attack due to reflected parameter.\n\nCVE-2015-3902\nXSRF/CSRF vulnerability in phpMyAdmin setup.\n\nCVE-2015-3903 (Jessie only)\n\nVulnerability allowing man-in-the-middle attack on API call to GitHub.\n\nCVE-2015-6830 (Jessie only)\n\nVulnerability that allows bypassing the reCaptcha test.\n\nCVE-2015-7873 (Jessie only)\n\nContent spoofing vulnerability when redirecting user to an\nexternal site.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"phpmyadmin\", ver:\"4:3.4.11.1-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"phpmyadmin\", ver:\"4:4.2.12-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-11-01T02:27:24", "bulletinFamily": "scanner", "description": "phpMyAdmin 4.4.6.1 (2015-05-13) ===============================\n\n - [security] CSRF vulnerability in setup\n\n - [security] Vulnerability allowing man-in-the-middle\n attack\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2015-8267.NASL", "href": "https://www.tenable.com/plugins/nessus/83508", "published": "2015-05-18T00:00:00", "title": "Fedora 21 : phpMyAdmin-4.4.6.1-1.fc21 (2015-8267)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8267.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83508);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:53 $\");\n\n script_cve_id(\"CVE-2015-3902\", \"CVE-2015-3903\");\n script_xref(name:\"FEDORA\", value:\"2015-8267\");\n\n script_name(english:\"Fedora 21 : phpMyAdmin-4.4.6.1-1.fc21 (2015-8267)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin 4.4.6.1 (2015-05-13) ===============================\n\n - [security] CSRF vulnerability in setup\n\n - [security] Vulnerability allowing man-in-the-middle\n attack\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221581\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158084.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7337c1be\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"phpMyAdmin-4.4.6.1-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:24", "bulletinFamily": "scanner", "description": "phpMyAdmin 4.4.6.1 (2015-05-13) ===============================\n\n - [security] CSRF vulnerability in setup\n\n - [security] Vulnerability allowing man-in-the-middle\n attack\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2015-8274.NASL", "href": "https://www.tenable.com/plugins/nessus/83509", "published": "2015-05-18T00:00:00", "title": "Fedora 20 : phpMyAdmin-4.4.6.1-1.fc20 (2015-8274)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8274.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83509);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:53 $\");\n\n script_cve_id(\"CVE-2015-3902\", \"CVE-2015-3903\");\n script_xref(name:\"FEDORA\", value:\"2015-8274\");\n\n script_name(english:\"Fedora 20 : phpMyAdmin-4.4.6.1-1.fc20 (2015-8274)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin 4.4.6.1 (2015-05-13) ===============================\n\n - [security] CSRF vulnerability in setup\n\n - [security] Vulnerability allowing man-in-the-middle\n attack\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221581\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158114.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d815cd52\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"phpMyAdmin-4.4.6.1-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:20:03", "bulletinFamily": "scanner", "description": "According to its self-reported version number, the phpMyAdmin\napplication hosted on the remote web server is 4.0.x prior to\n4.0.10.10, 4.2.x prior to 4.2.13.3, 4.3.x prior to 4.3.13.1, or 4.4.x\nprior to 4.4.6.1. It is, therefore, potentially affected by multiple\nvulnerabilities:\n\n - An attacker could trick a user with a crafted URL during\n installation to alter the configuration file being\n generated. (CVE-2015-3902)\n\n - A flaw exits in ", "modified": "2019-11-02T00:00:00", "id": "PHPMYADMIN_PMASA_2015_3.NASL", "href": "https://www.tenable.com/plugins/nessus/83732", "published": "2015-05-20T00:00:00", "title": "phpMyAdmin 4.0.x < 4.0.10.10 / 4.2.x < 4.2.13.3 / 4.3.x < 4.3.13.1 / 4.4.x < 4.4.6.1 Multiple Vulnerabilities (PMASA-2015-2, PMASA-2015-3)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83732);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\n\n script_cve_id(\"CVE-2015-3902\", \"CVE-2015-3903\");\n script_bugtraq_id(74657, 74660);\n\n script_name(english:\"phpMyAdmin 4.0.x < 4.0.10.10 / 4.2.x < 4.2.13.3 / 4.3.x < 4.3.13.1 / 4.4.x < 4.4.6.1 Multiple Vulnerabilities (PMASA-2015-2, PMASA-2015-3)\");\n script_summary(english:\"Checks the version of phpMyAdmin.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the phpMyAdmin\napplication hosted on the remote web server is 4.0.x prior to\n4.0.10.10, 4.2.x prior to 4.2.13.3, 4.3.x prior to 4.3.13.1, or 4.4.x\nprior to 4.4.6.1. It is, therefore, potentially affected by multiple\nvulnerabilities:\n\n - An attacker could trick a user with a crafted URL during\n installation to alter the configuration file being\n generated. (CVE-2015-3902)\n\n - A flaw exits in 'Config.class.php', due to an error in\n an API call to GitHub, that allows a man-in-the-middle\n attacker to perform unauthorized actions.\n (CVE-2015-3903)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2015-2.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php\");\n # PMASA-2015-2\n # 4.4 https://github.com/phpmyadmin/phpmyadmin/commit/ee92eb9bab8e2d546756c1d4aec81ec7c8e44b83\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e995f404\");\n # 4.3 https://github.com/phpmyadmin/phpmyadmin/commit/9817bd4030de949ba9ce4cd1b3f047e22d8f66bd\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9c7f08b0\");\n # 4.2 https://github.com/phpmyadmin/phpmyadmin/commit/c903ecf6751684b6af2d079c78b1f0d09ea2bd47\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?37e50c37\");\n # 4.0 https://github.com/phpmyadmin/phpmyadmin/commit/fea1d39fef540afa4105c6fbcc849f7e516f3da8\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?21f1371b\");\n\n # PMASA-2015-3\n # 4.4 https://github.com/phpmyadmin/phpmyadmin/commit/5ebc4daf131dd3bd646326267f3e765d0249bbb4\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4c563b16\");\n # 4.3 https://github.com/phpmyadmin/phpmyadmin/commit/75499e790429c491840a0ad31d4de84aca215d23\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6ae04d9\");\n # 4.2 https://github.com/phpmyadmin/phpmyadmin/commit/0e18931d9e4b23053285b6fddf3493ca426ff684\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5388d172\");\n # 4.0 https://github.com/phpmyadmin/phpmyadmin/commit/e97e7fb0ea2dedfaa95c7dbe872027fb4bd4204c\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?daf387cd\");\n\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to phpMyAdmin 4.0.10.10 / 4.2.13.3 / 4.3.13.1 / 4.4.6.1 or\nlater, or apply the patches referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"phpMyAdmin_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\", \"installed_sw/phpMyAdmin\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nappname = \"phpMyAdmin\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(app_name:appname, port:port, exit_if_unknown_ver:TRUE);\ndir = install['path'];\nurl = build_url(qs:dir, port:port);\nversion = install['version'];\n\nif (version =~ \"^4(\\.[0234])?$\") audit(AUDIT_VER_NOT_GRANULAR, appname, port, version);\nif (version !~ \"^4\\.[0234][^0-9]\") audit(AUDIT_WEB_APP_NOT_INST, appname + \" 4.0.x / 4.2.x / 4.3.x / 4.4.x\", port);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nre = make_array(\n -2, \"-beta(\\d+)\",\n -1, \"-rc(\\d+)\"\n);\n\n# Affected version\n# 4.0.x < 4.0.10.10\n# 4.2.x < 4.2.13.3\n# 4.3.x < 4.3.13.1\n# 4.4.x < 4.4.6.1\ncut_off = NULL;\nfixed_ver = NULL;\n\nif (version =~ \"^4\\.0\\.\")\n{\n cut_off = '4.0.0';\n fixed_ver = '4.0.10.10';\n}\nelse if (version =~ \"^4\\.2\\.\")\n{\n cut_off = '4.2.0';\n fixed_ver = '4.2.13.3';\n}\nelse if (version =~ \"^4\\.3\\.\")\n{\n cut_off = '4.3.0';\n fixed_ver = '4.3.13.1';\n}\nelse if (version =~ \"^4\\.4\\.\")\n{\n cut_off = '4.4.0';\n fixed_ver = '4.4.6.1';\n}\nelse\n{\n audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, url, version);\n}\n\nif (\n ver_compare(ver:version, fix:cut_off, regexes:re) >= 0 &&\n ver_compare(ver:version, fix:fixed_ver, regexes:re) == -1\n)\n{\n set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_ver +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, url, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:24", "bulletinFamily": "scanner", "description": "phpMyAdmin 4.4.6.1 (2015-05-13) ===============================\n\n - [security] CSRF vulnerability in setup\n\n - [security] Vulnerability allowing man-in-the-middle\n attack\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2015-8190.NASL", "href": "https://www.tenable.com/plugins/nessus/83827", "published": "2015-05-27T00:00:00", "title": "Fedora 22 : phpMyAdmin-4.4.6.1-1.fc22 (2015-8190)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8190.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83827);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:53 $\");\n\n script_cve_id(\"CVE-2015-3902\", \"CVE-2015-3903\");\n script_xref(name:\"FEDORA\", value:\"2015-8190\");\n\n script_name(english:\"Fedora 22 : phpMyAdmin-4.4.6.1-1.fc22 (2015-8190)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin 4.4.6.1 (2015-05-13) ===============================\n\n - [security] CSRF vulnerability in setup\n\n - [security] Vulnerability allowing man-in-the-middle\n attack\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221581\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158649.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c99662f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"phpMyAdmin-4.4.6.1-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:39:36", "bulletinFamily": "scanner", "description": "The phpMyAdmin development team reports :\n\nXSRF/CSRF vulnerability in phpMyAdmin setup.\n\nBy deceiving a user to click on a crafted URL, it is possible to alter\nthe configuration file being generated with phpMyAdmin setup.\n\nThis vulnerability only affects the configuration file generation\nprocess and does not affect the effective configuration file.\nMoreover, the configuration file being generated is at risk only\nduring the period when it", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_C6E31869F99F11E49F916805CA0B3D42.NASL", "href": "https://www.tenable.com/plugins/nessus/83441", "published": "2015-05-14T00:00:00", "title": "FreeBSD : phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities (c6e31869-f99f-11e4-9f91-6805ca0b3d42)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83441);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2015-3902\", \"CVE-2015-3903\");\n\n script_name(english:\"FreeBSD : phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities (c6e31869-f99f-11e4-9f91-6805ca0b3d42)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The phpMyAdmin development team reports :\n\nXSRF/CSRF vulnerability in phpMyAdmin setup.\n\nBy deceiving a user to click on a crafted URL, it is possible to alter\nthe configuration file being generated with phpMyAdmin setup.\n\nThis vulnerability only affects the configuration file generation\nprocess and does not affect the effective configuration file.\nMoreover, the configuration file being generated is at risk only\nduring the period when it's writable.\n\nVulnerability allowing man-in-the-middle attack on API call to GitHub.\n\nA vulnerability in the API call to GitHub can be exploited to perform\na man-in-the-middle attack.\n\nWe consider this vulnerability to be serious.\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2015-2.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2015-2/\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2015-3/\"\n );\n # https://vuxml.freebsd.org/freebsd/c6e31869-f99f-11e4-9f91-6805ca0b3d42.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?12b1a041\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin>=4.4.0<4.4.6.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:00:47", "bulletinFamily": "scanner", "description": "phpMyAdmin was updated to 4.2.13.3 to fix three security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-3902: CSRF vulnerability in setup\n (PMASA-2015-2, boo#930992)\n\n - CVE-2015-3903: Vulnerability allowing man-in-the-middle\n attack (PMASA-2015-3, boo#930993)\n\n - CVE-2015-2206: Risk of BREACH attack (PMASA-2015-1,\n boo#920773)\n\nAlso contains all upstream bug fixes in the 4.2.13 branch.", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2015-466.NASL", "href": "https://www.tenable.com/plugins/nessus/84533", "published": "2015-07-06T00:00:00", "title": "openSUSE Security Update : phpMyAdmin (openSUSE-2015-466)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-466.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84533);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2015/07/06 13:45:36 $\");\n\n script_cve_id(\"CVE-2015-2206\", \"CVE-2015-3902\", \"CVE-2015-3903\");\n\n script_name(english:\"openSUSE Security Update : phpMyAdmin (openSUSE-2015-466)\");\n script_summary(english:\"Check for the openSUSE-2015-466 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin was updated to 4.2.13.3 to fix three security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-3902: CSRF vulnerability in setup\n (PMASA-2015-2, boo#930992)\n\n - CVE-2015-3903: Vulnerability allowing man-in-the-middle\n attack (PMASA-2015-3, boo#930993)\n\n - CVE-2015-2206: Risk of BREACH attack (PMASA-2015-1,\n boo#920773)\n\nAlso contains all upstream bug fixes in the 4.2.13 branch.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=920773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930993\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"phpMyAdmin-4.2.13.3-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"phpMyAdmin-4.2.13.3-11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:21:22", "bulletinFamily": "scanner", "description": "Several issues have been fixed in phpMyAdmin, the web administration\ntool for MySQL.\n\n - CVE-2014-8958 (Wheezy only)\n Multiple cross-site scripting (XSS) vulnerabilities.\n\n - CVE-2014-9218 (Wheezy only)\n Denial of service (resource consumption) via a long\n password.\n\n - CVE-2015-2206\n Risk of BREACH attack due to reflected parameter.\n\n - CVE-2015-3902\n XSRF/CSRF vulnerability in phpMyAdmin setup.\n\n - CVE-2015-3903 (Jessie only)\n Vulnerability allowing man-in-the-middle attack on API\n call to GitHub.\n\n - CVE-2015-6830 (Jessie only)\n Vulnerability that allows bypassing the reCaptcha test.\n\n - CVE-2015-7873 (Jessie only)\n Content spoofing vulnerability when redirecting user to\n an external site.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-3382.NASL", "href": "https://www.tenable.com/plugins/nessus/86665", "published": "2015-10-30T00:00:00", "title": "Debian DSA-3382-1 : phpmyadmin - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3382. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86665);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2014-8958\", \"CVE-2014-9218\", \"CVE-2015-2206\", \"CVE-2015-3902\", \"CVE-2015-3903\", \"CVE-2015-6830\", \"CVE-2015-7873\");\n script_xref(name:\"DSA\", value:\"3382\");\n\n script_name(english:\"Debian DSA-3382-1 : phpmyadmin - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been fixed in phpMyAdmin, the web administration\ntool for MySQL.\n\n - CVE-2014-8958 (Wheezy only)\n Multiple cross-site scripting (XSS) vulnerabilities.\n\n - CVE-2014-9218 (Wheezy only)\n Denial of service (resource consumption) via a long\n password.\n\n - CVE-2015-2206\n Risk of BREACH attack due to reflected parameter.\n\n - CVE-2015-3902\n XSRF/CSRF vulnerability in phpMyAdmin setup.\n\n - CVE-2015-3903 (Jessie only)\n Vulnerability allowing man-in-the-middle attack on API\n call to GitHub.\n\n - CVE-2015-6830 (Jessie only)\n Vulnerability that allows bypassing the reCaptcha test.\n\n - CVE-2015-7873 (Jessie only)\n Content spoofing vulnerability when redirecting user to\n an external site.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-2206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-3902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-3903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-6830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/phpmyadmin\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/phpmyadmin\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3382\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the phpmyadmin packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 4:3.4.11.1-2+deb7u2.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 4:4.2.12-2+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"phpmyadmin\", reference:\"4:3.4.11.1-2+deb7u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"phpmyadmin\", reference:\"4:4.2.12-2+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:20:31", "bulletinFamily": "scanner", "description": "Several issues have been fixed in phpMyAdmin, the web administration\ntool for MySQL.\n\nCVE-2014-8958\n\nMultiple cross-site scripting (XSS) vulnerabilities.\n\nCVE-2014-9218\n\nDenial of service (resource consumption) via a long password.\n\nCVE-2015-2206\n\nRisk of BREACH attack due to reflected parameter.\n\nCVE-2015-3902\n\nXSRF/CSRF vulnerability in phpMyAdmin setup.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DLA-336.NASL", "href": "https://www.tenable.com/plugins/nessus/86641", "published": "2015-10-29T00:00:00", "title": "Debian DLA-336-1 : phpmyadmin security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-336-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86641);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2014-8958\", \"CVE-2014-9218\", \"CVE-2015-2206\", \"CVE-2015-3902\");\n script_bugtraq_id(71243, 71434, 72949, 74657);\n\n script_name(english:\"Debian DLA-336-1 : phpmyadmin security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been fixed in phpMyAdmin, the web administration\ntool for MySQL.\n\nCVE-2014-8958\n\nMultiple cross-site scripting (XSS) vulnerabilities.\n\nCVE-2014-9218\n\nDenial of service (resource consumption) via a long password.\n\nCVE-2015-2206\n\nRisk of BREACH attack due to reflected parameter.\n\nCVE-2015-3902\n\nXSRF/CSRF vulnerability in phpMyAdmin setup.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/10/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/phpmyadmin\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected phpmyadmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"phpmyadmin\", reference:\"4:3.3.7-9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "phpmyadmin": [{"lastseen": "2019-05-29T19:31:05", "bulletinFamily": "software", "description": "## PMASA-2015-3\n\n**Announcement-ID:** PMASA-2015-3\n\n**Date:** 2015-05-13\n\n### Summary\n\nVulnerability allowing man-in-the-middle attack on API call to GitHub.\n\n### Description\n\nA vulnerability in the API call to GitHub can be exploited to perform a man-in-the-middle attack.\n\n### Severity\n\nWe consider this vulnerability to be serious.\n\n### Affected Versions\n\nVersions 4.0.x (prior to 4.0.10.10), 4.2.x (prior to 4.2.13.3), 4.3.x (prior to 4.3.13.1) and 4.4.x (prior to 4.4.6.1) are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 4.0.10.10 or newer, or 4.2.13.3 or newer, or 4.3.13.1 or newer, or 4.4.6.1 or newer, or apply the patch listed below.\n\n### References\n\nThanks to Maksymilian Arciemowicz of <http://cxsecurity.com> for reporting this vulnerability.\n\nAssigned CVE ids: [CVE-2015-3903](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-295](<https://cwe.mitre.org/data/definitions/295.html>)\n\n### Patches\n\nThe following commits have been made to fix this issue:\n\n * [5ebc4daf131dd3bd646326267f3e765d0249bbb4](<https://github.com/phpmyadmin/phpmyadmin/commit/5ebc4daf131dd3bd646326267f3e765d0249bbb4>)\n\nThe following commits have been made on the 4.0 branch to fix this issue:\n\n * [e97e7fb0ea2dedfaa95c7dbe872027fb4bd4204c](<https://github.com/phpmyadmin/phpmyadmin/commit/e97e7fb0ea2dedfaa95c7dbe872027fb4bd4204c>)\n\nThe following commits have been made on the 4.2 branch to fix this issue:\n\n * [0e18931d9e4b23053285b6fddf3493ca426ff684](<https://github.com/phpmyadmin/phpmyadmin/commit/0e18931d9e4b23053285b6fddf3493ca426ff684>)\n\nThe following commits have been made on the 4.3 branch to fix this issue:\n\n * [75499e790429c491840a0ad31d4de84aca215d23](<https://github.com/phpmyadmin/phpmyadmin/commit/75499e790429c491840a0ad31d4de84aca215d23>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "PHPMYADMIN:PMASA-2015-3", "href": "https://www.phpmyadmin.net/security/PMASA-2015-3/", "title": "Vulnerability allowing man-in-the-middle attack on API call to GitHub.", "type": "phpmyadmin", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T19:30:59", "bulletinFamily": "software", "description": "## PMASA-2015-2\n\n**Announcement-ID:** PMASA-2015-2\n\n**Date:** 2015-05-13\n\n### Summary\n\nXSRF/CSRF vulnerability in phpMyAdmin setup.\n\n### Description\n\nBy deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup.\n\n### Severity\n\nWe consider this vulnerability to be non critical.\n\n### Mitigation factor\n\nThis vulnerability only affects the configuration file generation process and does not affect the effective configuration file. Moreover, the configuration file being generated is at risk only during the period when it's writable.\n\n### Affected Versions\n\nVersions 4.0.x (prior to 4.0.10.10), 4.2.x (prior to 4.2.13.3), 4.3.x (prior to 4.3.13.1) and 4.4.x (prior to 4.4.6.1) are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 4.0.10.10 or newer, or 4.2.13.3 or newer, or 4.3.13.1 or newer, or 4.4.6.1 or newer, or apply the patch listed below.\n\n### References\n\nThanks to Inti De Ceukelaire (<http://ceukelai.re>) for reporting this vulnerability.\n\nAssigned CVE ids: [CVE-2015-3902](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-352](<https://cwe.mitre.org/data/definitions/352.html>)\n\n### Patches\n\nThe following commits have been made to fix this issue:\n\n * [ee92eb9bab8e2d546756c1d4aec81ec7c8e44b83](<https://github.com/phpmyadmin/phpmyadmin/commit/ee92eb9bab8e2d546756c1d4aec81ec7c8e44b83>)\n\nThe following commits have been made on the 4.0 branch to fix this issue:\n\n * [fea1d39fef540afa4105c6fbcc849f7e516f3da8](<https://github.com/phpmyadmin/phpmyadmin/commit/fea1d39fef540afa4105c6fbcc849f7e516f3da8>)\n\nThe following commits have been made on the 4.2 branch to fix this issue:\n\n * [c903ecf6751684b6af2d079c78b1f0d09ea2bd47](<https://github.com/phpmyadmin/phpmyadmin/commit/c903ecf6751684b6af2d079c78b1f0d09ea2bd47>)\n\nThe following commits have been made on the 4.3 branch to fix this issue:\n\n * [9817bd4030de949ba9ce4cd1b3f047e22d8f66bd](<https://github.com/phpmyadmin/phpmyadmin/commit/9817bd4030de949ba9ce4cd1b3f047e22d8f66bd>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "PHPMYADMIN:PMASA-2015-2", "href": "https://www.phpmyadmin.net/security/PMASA-2015-2/", "title": "XSRF/CSRF vulnerability in phpMyAdmin setup.", "type": "phpmyadmin", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:59", "bulletinFamily": "software", "description": "\r\n\r\nphpMyAdmin 4.4.6 Man-In-the-Middle to API Github &#40;CVE-2015-3903&#41;\r\nAuthor: Maksymilian Arciemowicz from https://cxsecurity.com\r\nIssue type: CWE-295\r\n\r\nSource URL:\r\nhttp://cxsecurity.com/issue/WLB-2015050095\r\n\r\n--- Description ---\r\nAs we can read\r\n\r\nCURLOPT_SSL_VERIFYPEER option.\r\nhttp://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html\r\nWARNING: disabling verification of the certificate allows bad guys to man-in-the-middle the communication without you knowing it. Disabling verification makes the communication insecure. Just having encryption on a transfer is not enough as you cannot be sure that you are communicating with the correct end-point.\r\n\r\nCURLOPT_SSL_VERIFYHOST option.\r\nhttp://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html\r\nWhen the verify value is 0, the connection succeeds regardless of the names in the certificate. Use that ability with caution!\r\n\r\n\r\n--- MItM in libraries/Config.class.php ---\r\n\r\nLet&#39;s see libraries/Config.class.php file\r\n\r\n-------------------------------\r\nhttps://github.com/phpmyadmin/phpmyadmin/blob/master/libraries/Config.class.php\r\n..\r\n// check if commit exists in Github\r\nif &#40;$commit !== false\r\n&amp;&amp; isset&#40;$_SESSION[&#39;PMA_VERSION_REMOTECOMMIT_&#39; . $hash]&#41;\r\n&#41; {\r\n$is_remote_commit = $_SESSION[&#39;PMA_VERSION_REMOTECOMMIT_&#39; . $hash];\r\n} else {\r\n$link = &#39;https://api.github.com/repos/phpmyadmin/phpmyadmin/git/commits/&#39;\r\n. $hash;\r\n$is_found = $this-&gt;checkHTTP&#40;$link, ! $commit&#41;;\r\n.. \r\n$link = &#39;https://api.github.com/repos/phpmyadmin/phpmyadmin&#39;\r\n. &#39;/git/trees/&#39; . $branch;\r\n$is_found = $this-&gt;checkHTTP&#40;$link&#41;;\r\n..\r\n------------------------------- \r\n\r\nwhere checkHTTP&#40;&#41; is vulnerable for MItM attack\r\n\r\nhttps://cwe.mitre.org/data/definitions/295.html\r\n\r\n-------------------------------\r\n..\r\nfunction checkHTTP&#40;$link, $get_body = false&#41;\r\n{\r\nif &#40;! function_exists&#40;&#39;curl_init&#39;&#41;&#41; {\r\nreturn null;\r\n}\r\n$ch = curl_init&#40;$link&#41;;\r\ncurl_setopt&#40;$ch, CURLOPT_FOLLOWLOCATION, 0&#41;;\r\ncurl_setopt&#40;$ch, CURLOPT_HEADER, 1&#41;;\r\ncurl_setopt&#40;$ch, CURLOPT_RETURNTRANSFER, 1&#41;;\r\ncurl_setopt&#40;$ch, CURLOPT_SSL_VERIFYHOST, 0&#41;; &lt;=============== MItM\r\ncurl_setopt&#40;$ch, CURLOPT_SSL_VERIFYPEER, 0&#41;; &lt;=============== MItM\r\ncurl_setopt&#40;$ch, CURLOPT_CONNECTTIMEOUT, 5&#41;;\r\ncurl_setopt&#40;$ch, CURLOPT_USERAGENT, &#39;phpMyAdmin/&#39; . PMA_VERSION&#41;;\r\ncurl_setopt&#40;$ch, CURLOPT_TIMEOUT, 5&#41;;\r\nif &#40;! defined&#40;&#39;TESTSUITE&#39;&#41;&#41; {\r\nsession_write_close&#40;&#41;;\r\n}\r\n$data = @curl_exec&#40;$ch&#41;;\r\nif &#40;! defined&#40;&#39;TESTSUITE&#39;&#41;&#41; {\r\nini_set&#40;&#39;session.use_only_cookies&#39;, &#39;0&#39;&#41;;\r\nini_set&#40;&#39;session.use_cookies&#39;, &#39;0&#39;&#41;;\r\nini_set&#40;&#39;session.use_trans_sid&#39;, &#39;0&#39;&#41;;\r\nini_set&#40;&#39;session.cache_limiter&#39;, &#39;nocache&#39;&#41;;\r\nsession_start&#40;&#41;;\r\n}\r\nif &#40;$data === false&#41; {\r\nreturn null;\r\n}\r\n$httpOk = &#39;HTTP/1.1 200 OK&#39;;\r\n$httpNotFound = &#39;HTTP/1.1 404 Not Found&#39;;\r\n..\r\n-------------------------------\r\n\r\nExample target URL:\r\nhttps://api.github.com/repos/phpmyadmin/phpmyadmin/git/trees/master\r\n\r\n--- Credit ---\r\nIssue discovered by Maksymilian Arciemowicz from http://cxsecurity.com by using cIFrex &#40;static code analysis tool http://cifrex.org &#41;.\r\n\r\n--- Patch ---\r\nhttp://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php\r\nhttp://cxsecurity.com/issue/WLB-2015050095\r\n\r\n", "modified": "2015-05-18T00:00:00", "published": "2015-05-18T00:00:00", "id": "SECURITYVULNS:DOC:32132", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32132", "title": "phpMyAdmin 4.4.6 Man-In-the-Middle API Github", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:00", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2015-05-18T00:00:00", "published": "2015-05-18T00:00:00", "id": "SECURITYVULNS:VULN:14499", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14499", "title": "Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:45", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3382-1 security@debian.org\nhttps://www.debian.org/security/ Thijs Kinkhorst\nOctober 28, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : phpmyadmin\nCVE ID : CVE-2014-8958 CVE-2014-9218 CVE-2015-2206 CVE-2015-3902\n CVE-2015-3903 CVE-2015-6830 CVE-2015-7873\nDebian Bug : 774194\n\nSeveral issues have been fixed in phpMyAdmin, the web administration\ntool for MySQL.\n\nCVE-2014-8958 (Wheezy only)\n\n Multiple cross-site scripting (XSS) vulnerabilities.\n\nCVE-2014-9218 (Wheezy only)\n\n Denial of service (resource consumption) via a long password.\n\nCVE-2015-2206\n\n Risk of BREACH attack due to reflected parameter.\n\nCVE-2015-3902\n\n XSRF/CSRF vulnerability in phpMyAdmin setup.\n\nCVE-2015-3903 (Jessie only)\n\n Vulnerability allowing man-in-the-middle attack on API call to GitHub.\n\nCVE-2015-6830 (Jessie only)\n\n Vulnerability that allows bypassing the reCaptcha test.\n\nCVE-2015-7873 (Jessie only)\n\n Content spoofing vulnerability when redirecting user to an\n external site.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 4:3.4.11.1-2+deb7u2.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4:4.2.12-2+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4:4.5.1-1.\n\nWe recommend that you upgrade your phpmyadmin packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-10-28T19:52:51", "published": "2015-10-28T19:52:51", "id": "DEBIAN:DSA-3382-1:A1C93", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00281.html", "title": "[SECURITY] [DSA 3382-1] phpmyadmin security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:23:08", "bulletinFamily": "unix", "description": "Package : phpmyadmin\nVersion : 4:3.3.7-9\nCVE ID : CVE-2014-8958 CVE-2014-9218 CVE-2015-2206 CVE-2015-3902\n\nSeveral issues have been fixed in phpMyAdmin, the web administration\ntool for MySQL.\n\nCVE-2014-8958\n\n Multiple cross-site scripting (XSS) vulnerabilities.\n\nCVE-2014-9218\n\n Denial of service (resource consumption) via a long password.\n\nCVE-2015-2206\n\n Risk of BREACH attack due to reflected parameter.\n\nCVE-2015-3902\n\n XSRF/CSRF vulnerability in phpMyAdmin setup.\n", "modified": "2015-10-28T20:01:35", "published": "2015-10-28T20:01:35", "id": "DEBIAN:DLA-336-1:24EC3", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201510/msg00014.html", "title": "[SECURITY] [DLA 336-1] phpmyadmin security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}