
CVE-2015-2206
Date: (C)2015-03-10   (M)2023-12-22


libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1031871
BID-72949
DSA-3382
FEDORA-2015-3287
FEDORA-2015-3329
FEDORA-2015-3336
MDVSA-2015:186
http://www.phpmyadmin.net/home_page/security/PMASA-2015-1.php
https://github.com/phpmyadmin/phpmyadmin/commit/b2f1e895038a5700bf8e81fb9a5da36cbdea0eeb
openSUSE-SU-2015:1191

CPE    50
cpe:/a:phpmyadmin:phpmyadmin:4.3.1
cpe:/a:phpmyadmin:phpmyadmin:4.3.2
cpe:/o:fedoraproject:fedora:20
cpe:/o:fedoraproject:fedora:21
...
CWE    1
CWE-200
OVAL    3
oval:org.secpod.oval:def:602256
oval:org.secpod.oval:def:108494
oval:org.secpod.oval:def:108496

© SecPod Technologies