Web application abuses : phpMyAdmin Content spoofing vulnerability Nov15 (Linux)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.806736

Kategorie: Web application abuses

Titel: phpMyAdmin Content spoofing vulnerability Nov15 (Linux)

Zusammenfassung: This host is installed with phpMyAdmin and; is prone to content spoofing vulnerability.

Beschreibung: Summary:
This host is installed with phpMyAdmin and
is prone to content spoofing vulnerability.

Vulnerability Insight:
The flaw is due to insufficient sanitization
user supplied input via 'url' parameter in url.php script.

Vulnerability Impact:
Successfully exploiting this issue may allow
remote attackers to perform a content spoofing attack using the phpMyAdmin's
redirection mechanism to external sites.

Affected Software/OS:
phpMyAdmin versions 4.4.x before 4.4.15.1
and 4.5.x before 4.5.1 on Linux

Solution:
Upgrade to phpMyAdmin 4.4.15.1 or 4.5.1
or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Querverweis: BugTraq ID: 77299
Common Vulnerability Exposure (CVE) ID: CVE-2015-7873
http://www.securityfocus.com/bid/77299
Debian Security Information: DSA-3382 (Google Search)
http://www.debian.org/security/2015/dsa-3382
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169987.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171311.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171326.html
http://www.securitytracker.com/id/1034013

Copyright Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.806736
Kategorie:	Web application abuses
Titel:	phpMyAdmin Content spoofing vulnerability Nov15 (Linux)
Zusammenfassung:	This host is installed with phpMyAdmin and; is prone to content spoofing vulnerability.
Beschreibung:	Summary: This host is installed with phpMyAdmin and is prone to content spoofing vulnerability. Vulnerability Insight: The flaw is due to insufficient sanitization user supplied input via 'url' parameter in url.php script. Vulnerability Impact: Successfully exploiting this issue may allow remote attackers to perform a content spoofing attack using the phpMyAdmin's redirection mechanism to external sites. Affected Software/OS: phpMyAdmin versions 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 on Linux Solution: Upgrade to phpMyAdmin 4.4.15.1 or 4.5.1 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	BugTraq ID: 77299 Common Vulnerability Exposure (CVE) ID: CVE-2015-7873 http://www.securityfocus.com/bid/77299 Debian Security Information: DSA-3382 (Google Search) http://www.debian.org/security/2015/dsa-3382 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169987.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171311.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171326.html http://www.securitytracker.com/id/1034013
Copyright	Copyright (C) 2015 Greenbone Networks GmbH