PT-2015-6340 · Phpmyadmin+1 · Phpmyadmin+1
Madhura Jayaratne
·
Publicado
2014-05-05
·
Atualizado
2024-06-15
·
CVE-2015-3903
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
phpMyAdmin versions 4.0.x through 4.0.10.9
phpMyAdmin versions 4.2.x through 4.2.13.2
phpMyAdmin versions 4.3.x through 4.3.13.0
phpMyAdmin versions 4.4.x through 4.4.6.0
Description
The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, as the verification of X.509 certificates for GitHub API calls over SSL is disabled.
Recommendations
For phpMyAdmin versions 4.0.x through 4.0.10.9, update to version 4.0.10.10 or later.
For phpMyAdmin versions 4.2.x through 4.2.13.2, update to version 4.2.13.3 or later.
For phpMyAdmin versions 4.3.x through 4.3.13.0, update to version 4.3.13.1 or later.
For phpMyAdmin versions 4.4.x through 4.4.6.0, update to version 4.4.6.1 or later.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Phpmyadmin