Lucene search

MitreCVE-2016-2562

HistoryMar 01, 2016 - 11:59 a.m.

CVE-2016-2562

2016-03-0111:59:04

CWE-20

mitre

web.nvd.nist.gov

cve-2016-2562

phpmyadmin

ssl

x.509 certificates

api.github.com

man-in-the-middle

security vulnerability

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

40.2%

JSON

The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch4.5.0

phpmyadminphpmyadminMatch4.5.0beta1

phpmyadminphpmyadminMatch4.5.0beta2

phpmyadminphpmyadminMatch4.5.0rc1

phpmyadminphpmyadminMatch4.5.0.1

phpmyadminphpmyadminMatch4.5.0.2

phpmyadminphpmyadminMatch4.5.1

phpmyadminphpmyadminMatch4.5.2

phpmyadminphpmyadminMatch4.5.3

phpmyadminphpmyadminMatch4.5.3.1

phpmyadminphpmyadminMatch4.5.4

phpmyadminphpmyadminMatch4.5.4.1

phpmyadminphpmyadminMatch4.5.5

VendorProductVersionCPE
phpmyadminphpmyadmin4.5.3.1cpe:/a:phpmyadmin:phpmyadmin:4.5.3.1:::
phpmyadminphpmyadmin4.5.0cpe:/a:phpmyadmin:phpmyadmin:4.5.0:::
phpmyadminphpmyadmin4.5.1cpe:/a:phpmyadmin:phpmyadmin:4.5.1:::
phpmyadminphpmyadmin4.5.5cpe:/a:phpmyadmin:phpmyadmin:4.5.5:::
phpmyadminphpmyadmin4.5.2cpe:/a:phpmyadmin:phpmyadmin:4.5.2:::
phpmyadminphpmyadmin4.5.4cpe:/a:phpmyadmin:phpmyadmin:4.5.4:::
phpmyadminphpmyadmin4.5.4.1cpe:/a:phpmyadmin:phpmyadmin:4.5.4.1:::
phpmyadminphpmyadmin4.5.0.1cpe:/a:phpmyadmin:phpmyadmin:4.5.0.1:::
phpmyadminphpmyadmin4.5.3cpe:/a:phpmyadmin:phpmyadmin:4.5.3:::
phpmyadminphpmyadmin4.5.0cpe:/a:phpmyadmin:phpmyadmin:4.5.0:beta1::

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	4.5.3.1	cpe:/a:phpmyadmin:phpmyadmin:4.5.3.1:::
phpmyadmin	phpmyadmin	4.5.0	cpe:/a:phpmyadmin:phpmyadmin:4.5.0:::
phpmyadmin	phpmyadmin	4.5.1	cpe:/a:phpmyadmin:phpmyadmin:4.5.1:::
phpmyadmin	phpmyadmin	4.5.5	cpe:/a:phpmyadmin:phpmyadmin:4.5.5:::
phpmyadmin	phpmyadmin	4.5.2	cpe:/a:phpmyadmin:phpmyadmin:4.5.2:::
phpmyadmin	phpmyadmin	4.5.4	cpe:/a:phpmyadmin:phpmyadmin:4.5.4:::
phpmyadmin	phpmyadmin	4.5.4.1	cpe:/a:phpmyadmin:phpmyadmin:4.5.4.1:::
phpmyadmin	phpmyadmin	4.5.0.1	cpe:/a:phpmyadmin:phpmyadmin:4.5.0.1:::
phpmyadmin	phpmyadmin	4.5.3	cpe:/a:phpmyadmin:phpmyadmin:4.5.3:::
phpmyadmin	phpmyadmin	4.5.0	cpe:/a:phpmyadmin:phpmyadmin:4.5.0:beta1::