Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

phpMyAdmin on openSUSE 12.3 and 13.1 was updated to 4.1.14.8. This update fixes one vulnerability.

  - Security fixes :

  - PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400)     [boo#908363]     http://www.phpmyadmin.net/home_page/security/PMASA-2014-     17.php

  - sf#4611 [security] DOS attack with long passwords

phpMyAdmin on openSUSE 13.2 was updated to 4.2.13.1 (2014-12-03)

  - Security fixes :

  - PMASA-2014-18 (CVE-2014-9219, CWE-661 CWE-79)     [boo#908364]     http://www.phpmyadmin.net/home_page/security/PMASA-2014-     18.php

  - sf#4612 [security] XSS vulnerability in redirection     mechanism

  - PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400)     [boo#908363]     http://www.phpmyadmin.net/home_page/security/PMASA-2014-     17.php

  - sf#4611 [security] DOS attack with long passwords

  - Bugfixes :

  - sf#4604 Query history not being deleted

  - sf#4057 db/table query string parameters no longer work

  - sf#4605 Unseen messages in tracking

  - sf#4606 Tracking report export as SQL dump does not work

  - sf#4607 Syntax error during db_copy operation

  - sf#4608 SELECT permission issues with relations and     restricted access

Multiple vulnerabilities has been discovered and corrected in phpmyadmin :

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password (CVE-2014-9218).

Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter (CVE-2014-9219).

This upgrade provides the latest phpmyadmin version (4.2.13.1) to address these vulnerabilities.

phpMyAdmin 4.2.13.1 (2014-12-03) ================================

  - [security] XSS vulnerability in redirection mechanism

    - [security] DOS attack with long passwords

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Versions of phpMyAdmin 4.2.x earlier than 4.2.13.1 are unpatched for a cross-site scripting vulnerability in the redirection mechanism that could be leveraged with a maliciously crafted URL being accessed.

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.7, 4.1.x prior to 4.1.14.8, or 4.2.x prior to 4.2.13.1. It is, therefore, affected by the following vulnerabilities :

  - A flaw exists in handling overly long passwords. It is     possible that a remote attacker can cause a denial of     service by using a long password. (CVE-2014-9218)

  - A cross-site scripting flaw exists due to the improper     validation of URLs when handling redirection. A remote     attacker, by using a specially crafted request, could     execute arbitrary script code within the trust     relationship of the browser and server. Note that this     applies only to versions 4.2.x prior to 4.2.13.1.
    (CVE-2014-9219)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The phpMyAdmin development team reports :

DoS vulnerability with long passwords.

With very long passwords it was possible to initiate a denial of service attack on phpMyAdmin.

We consider this vulnerability to be serious.

This vulnerability can be mitigated by configuring throttling in the webserver.

XSS vulnerability in redirection mechanism.

With a crafted URL it was possible to trigger an XSS in the redirection mechanism in phpMyAdmin.

We consider this vulnerability to be non critical.

ID	Name	Product	Family	Severity
80049	openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1636-1)	Nessus	SuSE Local Security Checks	medium
79988	Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:243)	Nessus	Mandriva Local Security Checks	medium
79948	Fedora 19 : phpMyAdmin-4.2.13.1-1.fc19 (2014-16474)	Nessus	Fedora Local Security Checks	medium
79936	Fedora 20 : phpMyAdmin-4.2.13.1-1.fc20 (2014-16358)	Nessus	Fedora Local Security Checks	medium
79933	Fedora 21 : phpMyAdmin-4.2.13.1-1.fc21 (2014-16327)	Nessus	Fedora Local Security Checks	medium
8591	phpMyAdmin 4.2.x < 4.2.13.1 XSS (PMASA-2014-18)	Nessus Network Monitor	CGI	low
79797	phpMyAdmin 4.0.x < 4.0.10.7 / 4.1.x < 4.1.14.8 / 4.2.x < 4.2.13.1 Multiple Vulnerabilities (PMASA-2014-17 - PMASA-2014-18)	Nessus	CGI abuses	medium
79734	FreeBSD : phpMyAdmin -- XSS and DoS vulnerabilities (c9c46fbf-7b83-11e4-a96e-6805ca0b3d42)	Nessus	FreeBSD Local Security Checks	medium

Detections

Analytics

CVE-2014-9219

medium

Tenable Plugins

medium

medium

medium

medium

medium

low

medium

medium