Detections
Analytics

FreeBSD : phpMyAdmin -- clickJacking protection can be bypassed (17326fd5-fcfb-11e2-9bb9-6805ca0b3d42)

high Nessus Plugin ID 69213

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The phpMyAdmin development team reports :

phpMyAdmin has a number of mechanisms to avoid a clickjacking attack, however these mechanisms either work only in modern browser versions, or can be bypassed.

'We have no solution for 3.5.x, due to the proposed solution requiring JavaScript. We don't want to introduce a dependency to JavaScript in the 3.5.x family.'

Solution

Update the affected package.

See Also

https://www.phpmyadmin.net/security/PMASA-2013-10/

http://www.nessus.org/u?3f914590

Plugin Details

Severity: High

ID: 69213

File Name: freebsd_pkg_17326fd5fcfb11e29bb96805ca0b3d42.nasl

Version: 1.5

Type: local

Published: 8/5/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpmyadmin, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/4/2013

Vulnerability Publication Date: 8/4/2013