Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2015-2206
Last Modified 02 Apr 2015 10:00:43
Published 09 Mar 2015 01:59:10
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-2206

Summary

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

Vulnerable Systems

Application

  • phpMyAdmin 4.0.0
  • phpMyAdmin 4.0.1
  • phpMyAdmin 4.0.10
  • phpMyAdmin 4.0.10.1
  • phpMyAdmin 4.0.10.2
  • phpMyAdmin 4.0.10.3
  • phpMyAdmin 4.0.10.4
  • phpMyAdmin 4.0.10.5
  • phpMyAdmin 4.0.10.6
  • phpMyAdmin 4.0.10.7
  • phpMyAdmin 4.0.10.8
  • phpMyAdmin 4.0.2
  • phpMyAdmin 4.0.3
  • phpMyAdmin 4.0.4
  • phpMyAdmin 4.0.4.1
  • phpMyAdmin 4.0.4.2
  • phpMyAdmin 4.0.5
  • phpMyAdmin 4.0.6
  • phpMyAdmin 4.0.7
  • phpMyAdmin 4.0.8
  • phpMyAdmin 4.0.9
  • phpMyAdmin 4.2.0
  • phpMyAdmin 4.2.1
  • phpMyAdmin 4.2.10
  • phpMyAdmin 4.2.10.1
  • phpMyAdmin 4.2.11
  • phpMyAdmin 4.2.12
  • phpMyAdmin 4.2.13
  • phpMyAdmin 4.2.13.1
  • phpMyAdmin 4.2.2
  • phpMyAdmin 4.2.3
  • phpMyAdmin 4.2.4
  • phpMyAdmin 4.2.5
  • phpMyAdmin 4.2.6
  • phpMyAdmin 4.2.7
  • phpMyAdmin 4.2.7.1
  • phpMyAdmin 4.2.8
  • phpMyAdmin 4.2.8.1
  • phpMyAdmin 4.2.9
  • phpMyAdmin 4.2.9.1
  • phpMyAdmin 4.3.0
  • phpMyAdmin 4.3.1
  • phpMyAdmin 4.3.10
  • phpMyAdmin 4.3.11
  • phpMyAdmin 4.3.2
  • phpMyAdmin 4.3.3
  • phpMyAdmin 4.3.4
  • phpMyAdmin 4.3.5
  • phpMyAdmin 4.3.6
  • phpMyAdmin 4.3.7
  • phpMyAdmin 4.3.8
  • phpMyAdmin 4.3.9


References

CONFIRM - https://github.com/phpmyadmin/phpmyadmin/commit/b2f1e895038a5700bf8e81fb9a5da36cbdea0eeb

CONFIRM - http://www.phpmyadmin.net/home_page/security/PMASA-2015-1.php

SECTRACK - 1031871

FEDORA - FEDORA-2015-3336

FEDORA - FEDORA-2015-3329

FEDORA - FEDORA-2015-3287

MANDRIVA - MDVSA-2015:186


Last Updated: 27 May 2016 11:08:01