Lucene search

[email protected]NVD:CVE-2015-2206

HistoryMar 09, 2015 - 5:59 p.m.

CVE-2015-2206

2015-03-0917:59:10

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.007

Percentile

80.5%

JSON

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

Affected configurations

NVD

Node

fedoraprojectfedoraMatch20

fedoraprojectfedoraMatch21

fedoraprojectfedoraMatch22

Node

phpmyadminphpmyadminMatch4.0.0

phpmyadminphpmyadminMatch4.0.0rc2

phpmyadminphpmyadminMatch4.0.0rc3

phpmyadminphpmyadminMatch4.0.1

phpmyadminphpmyadminMatch4.0.2

phpmyadminphpmyadminMatch4.0.3

phpmyadminphpmyadminMatch4.0.4

phpmyadminphpmyadminMatch4.0.4.1

phpmyadminphpmyadminMatch4.0.4.2

phpmyadminphpmyadminMatch4.0.5

phpmyadminphpmyadminMatch4.0.6

phpmyadminphpmyadminMatch4.0.7

phpmyadminphpmyadminMatch4.0.8

phpmyadminphpmyadminMatch4.0.9

phpmyadminphpmyadminMatch4.0.10

phpmyadminphpmyadminMatch4.0.10.1

phpmyadminphpmyadminMatch4.0.10.2

phpmyadminphpmyadminMatch4.0.10.3

phpmyadminphpmyadminMatch4.0.10.4

phpmyadminphpmyadminMatch4.0.10.5

phpmyadminphpmyadminMatch4.0.10.6

phpmyadminphpmyadminMatch4.0.10.7

phpmyadminphpmyadminMatch4.0.10.8

phpmyadminphpmyadminMatch4.2.0

phpmyadminphpmyadminMatch4.2.1

phpmyadminphpmyadminMatch4.2.2

phpmyadminphpmyadminMatch4.2.3

phpmyadminphpmyadminMatch4.2.4

phpmyadminphpmyadminMatch4.2.5

phpmyadminphpmyadminMatch4.2.6

phpmyadminphpmyadminMatch4.2.7

phpmyadminphpmyadminMatch4.2.7.1

phpmyadminphpmyadminMatch4.2.8

phpmyadminphpmyadminMatch4.2.8.1

phpmyadminphpmyadminMatch4.2.9

phpmyadminphpmyadminMatch4.2.9.1

phpmyadminphpmyadminMatch4.2.10

phpmyadminphpmyadminMatch4.2.10.1

phpmyadminphpmyadminMatch4.2.11

phpmyadminphpmyadminMatch4.2.12

phpmyadminphpmyadminMatch4.2.13

phpmyadminphpmyadminMatch4.2.13.1

phpmyadminphpmyadminMatch4.3.0

phpmyadminphpmyadminMatch4.3.1

phpmyadminphpmyadminMatch4.3.2

phpmyadminphpmyadminMatch4.3.3

phpmyadminphpmyadminMatch4.3.4

phpmyadminphpmyadminMatch4.3.5

phpmyadminphpmyadminMatch4.3.6

phpmyadminphpmyadminMatch4.3.7

phpmyadminphpmyadminMatch4.3.8

phpmyadminphpmyadminMatch4.3.9

phpmyadminphpmyadminMatch4.3.10

phpmyadminphpmyadminMatch4.3.11

References

lists.fedoraproject.org/pipermail/package-announce/2015-March/151331.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/151914.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/151931.html

lists.opensuse.org/opensuse-updates/2015-07/msg00008.html

www.debian.org/security/2015/dsa-3382

www.mandriva.com/security/advisories?name=MDVSA-2015:186

www.phpmyadmin.net/home_page/security/PMASA-2015-1.php

www.securityfocus.com/bid/72949

www.securitytracker.com/id/1031871

github.com/phpmyadmin/phpmyadmin/commit/b2f1e895038a5700bf8e81fb9a5da36cbdea0eeb

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.007

Percentile

80.5%

JSON

Related for NVD:CVE-2015-2206

openvas7 nessus9 debiancve1 cvelist1 f52 freebsd1 ubuntucve1 fedora3 securityvulns2 phpmyadmin1 prion1 cve1 osv2 debian2