freebsd
FreeBSD
C9C46FBF-7B83-11E4-A96E-6805CA0B3D42
Dec 03, 2014 - 12:00 a.m.

phpMyAdmin -- XSS and DoS vulnerabilities

2014-12-03 00:00:00
vuxml.freebsd.org

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.203 Low
Percentile: 96.3%

The phpMyAdmin development team reports:

DoS vulnerability with long passwords.
With very long passwords it was possible to initiate a
denial of service attack on phpMyAdmin.
We consider this vulnerability to be serious.
This vulnerability can be mitigated by configuring
throttling in the webserver.

XSS vulnerability in redirection mechanism.
With a crafted URL it was possible to trigger an XSS in
the redirection mechanism in phpMyAdmin.
We consider this vulnerability to be non critical.

OS       Version  Architecture  Package     Version     Filename
FreeBSD  any      noarch        phpmyadmin  = 4.2.0     UNKNOWN
FreeBSD  any      noarch        phpmyadmin  < 4.2.13.1  UNKNOWN
