CVE-2015-3903
Date: (C)2015-06-04   (M)2023-12-22


libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1032403
http://www.securityfocus.com/archive/1/535547/100/0/threaded
BID-74660
DSA-3382
http://cxsecurity.com/issue/WLB-2015050095
http://packetstormsecurity.com/files/131954/phpMyAdmin-4.4.6-Man-In-The-Middle.html
http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php
https://github.com/phpmyadmin/phpmyadmin/commit/5ebc4daf131dd3bd646326267f3e765d0249bbb4
openSUSE-SU-2015:1191

CPE    55
cpe:/a:phpmyadmin:phpmyadmin:4.3.1
cpe:/a:phpmyadmin:phpmyadmin:4.3.2
cpe:/a:phpmyadmin:phpmyadmin:4.3.0
cpe:/a:phpmyadmin:phpmyadmin:4.3.5
...
CWE    1
CWE-310
OVAL    3
oval:org.secpod.oval:def:602256
oval:org.secpod.oval:def:108876
oval:org.secpod.oval:def:108870

© SecPod Technologies