|
|
Log in / Subscribe / Register

phpMyAdmin: information leak

Package(s):phpMyAdmin CVE #(s):CVE-2015-2206
Created:March 16, 2015 Updated:March 31, 2015
Description: From the CVE entry:

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

Alerts:
Debian-LTS DLA-336-1 phpmyadmin 2015-10-28
Debian DSA-3382-1 phpmyadmin 2015-10-28
openSUSE openSUSE-SU-2015:1191-1 phpMyAdmin 2015-07-04
Mandriva MDVSA-2015:186 phpmyadmin 2015-03-31
Fedora FEDORA-2015-3329 phpMyAdmin 2015-03-14
Fedora FEDORA-2015-3336 phpMyAdmin 2015-03-14
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds