08 Mar 2015

CVE-2015-2206

Publié par . Publié dans Gain information

Vulnerability Details : CVE-2015-2206

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
Publish Date : 2015-03-09 Last Update Date : 2015-03-23

- CVSS Scores & Vulnerability Types

CVSS Score	5.0
Confidentiality Impact	Partial(There is considerable informational disclosure.)
Integrity Impact	None(There is no impact to the integrity of the system)
Availability Impact	None(There is no impact to the availability of the system.)
Access Complexity	Low(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Not required(Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Obtain InformationCSRF
CWE ID	200

- Products Affected By CVE-2015-2206

#	Product Type	Vendor	Product	Version	Update
1	Application	Phpmyadmin	Phpmyadmin	4.0.0		Version Details Vulnerabilities
2	Application	Phpmyadmin	Phpmyadmin	4.0.0	RC2	Version Details Vulnerabilities
3	Application	Phpmyadmin	Phpmyadmin	4.0.0	RC3	Version Details Vulnerabilities
4	Application	Phpmyadmin	Phpmyadmin	4.0.1		Version Details Vulnerabilities
5	Application	Phpmyadmin	Phpmyadmin	4.0.2		Version Details Vulnerabilities
6	Application	Phpmyadmin	Phpmyadmin	4.0.3		Version Details Vulnerabilities
7	Application	Phpmyadmin	Phpmyadmin	4.0.4		Version Details Vulnerabilities
8	Application	Phpmyadmin	Phpmyadmin	4.0.4.1		Version Details Vulnerabilities
9	Application	Phpmyadmin	Phpmyadmin	4.0.4.2		Version Details Vulnerabilities
10	Application	Phpmyadmin	Phpmyadmin	4.0.5		Version Details Vulnerabilities
11	Application	Phpmyadmin	Phpmyadmin	4.0.6		Version Details Vulnerabilities
12	Application	Phpmyadmin	Phpmyadmin	4.0.7		Version Details Vulnerabilities
13	Application	Phpmyadmin	Phpmyadmin	4.0.8		Version Details Vulnerabilities
14	Application	Phpmyadmin	Phpmyadmin	4.0.9		Version Details Vulnerabilities
15	Application	Phpmyadmin	Phpmyadmin	4.0.10		Version Details Vulnerabilities
16	Application	Phpmyadmin	Phpmyadmin	4.0.10.1		Version Details Vulnerabilities
17	Application	Phpmyadmin	Phpmyadmin	4.0.10.2		Version Details Vulnerabilities
18	Application	Phpmyadmin	Phpmyadmin	4.0.10.3		Version Details Vulnerabilities
19	Application	Phpmyadmin	Phpmyadmin	4.0.10.4		Version Details Vulnerabilities
20	Application	Phpmyadmin	Phpmyadmin	4.0.10.5		Version Details Vulnerabilities
21	Application	Phpmyadmin	Phpmyadmin	4.0.10.6		Version Details Vulnerabilities
22	Application	Phpmyadmin	Phpmyadmin	4.0.10.7		Version Details Vulnerabilities
23	Application	Phpmyadmin	Phpmyadmin	4.0.10.8		Version Details Vulnerabilities
24	Application	Phpmyadmin	Phpmyadmin	4.2.0		Version Details Vulnerabilities
25	Application	Phpmyadmin	Phpmyadmin	4.2.1		Version Details Vulnerabilities
26	Application	Phpmyadmin	Phpmyadmin	4.2.2		Version Details Vulnerabilities
27	Application	Phpmyadmin	Phpmyadmin	4.2.3		Version Details Vulnerabilities
28	Application	Phpmyadmin	Phpmyadmin	4.2.4		Version Details Vulnerabilities
29	Application	Phpmyadmin	Phpmyadmin	4.2.5		Version Details Vulnerabilities
30	Application	Phpmyadmin	Phpmyadmin	4.2.6		Version Details Vulnerabilities
31	Application	Phpmyadmin	Phpmyadmin	4.2.7		Version Details Vulnerabilities
32	Application	Phpmyadmin	Phpmyadmin	4.2.7.1		Version Details Vulnerabilities
33	Application	Phpmyadmin	Phpmyadmin	4.2.8		Version Details Vulnerabilities
34	Application	Phpmyadmin	Phpmyadmin	4.2.8.1		Version Details Vulnerabilities
35	Application	Phpmyadmin	Phpmyadmin	4.2.9		Version Details Vulnerabilities
36	Application	Phpmyadmin	Phpmyadmin	4.2.9.1		Version Details Vulnerabilities
37	Application	Phpmyadmin	Phpmyadmin	4.2.10		Version Details Vulnerabilities
38	Application	Phpmyadmin	Phpmyadmin	4.2.10.1		Version Details Vulnerabilities
39	Application	Phpmyadmin	Phpmyadmin	4.2.11		Version Details Vulnerabilities
40	Application	Phpmyadmin	Phpmyadmin	4.2.12		Version Details Vulnerabilities
41	Application	Phpmyadmin	Phpmyadmin	4.2.13		Version Details Vulnerabilities
42	Application	Phpmyadmin	Phpmyadmin	4.2.13.1		Version Details Vulnerabilities
43	Application	Phpmyadmin	Phpmyadmin	4.3.0		Version Details Vulnerabilities
44	Application	Phpmyadmin	Phpmyadmin	4.3.1		Version Details Vulnerabilities
45	Application	Phpmyadmin	Phpmyadmin	4.3.2		Version Details Vulnerabilities
46	Application	Phpmyadmin	Phpmyadmin	4.3.3		Version Details Vulnerabilities
47	Application	Phpmyadmin	Phpmyadmin	4.3.4		Version Details Vulnerabilities
48	Application	Phpmyadmin	Phpmyadmin	4.3.5		Version Details Vulnerabilities
49	Application	Phpmyadmin	Phpmyadmin	4.3.6		Version Details Vulnerabilities
50	Application	Phpmyadmin	Phpmyadmin	4.3.7		Version Details Vulnerabilities
51	Application	Phpmyadmin	Phpmyadmin	4.3.8		Version Details Vulnerabilities
52	Application	Phpmyadmin	Phpmyadmin	4.3.9		Version Details Vulnerabilities
53	Application	Phpmyadmin	Phpmyadmin	4.3.10		Version Details Vulnerabilities
54	Application	Phpmyadmin	Phpmyadmin	4.3.11		Version Details Vulnerabilities