CVE-2016-5739

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.

References

http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html

http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html

http://www.debian.org/security/2016/dsa-3627

http://www.securityfocus.com/bid/91389

https://github.com/phpmyadmin/phpmyadmin/commit/1e5716cb96d46efc305381ae0da08e73fe340f05

https://github.com/phpmyadmin/phpmyadmin/commit/2f4950828ec241e8cbdcf13090c2582a6fa620cb

https://security.gentoo.org/glsa/201701-32

https://www.phpmyadmin.net/security/PMASA-2016-28/

Details

Source: MITRE

Published: 2016-07-03

Updated: 2018-10-30

Type: CWE-200

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc1:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc2:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.15:*:*:*:*:*:*:*

Tenable Plugins

View all (9 total)

IDNameProductFamilySeverity
99663phpMyAdmin 4.6.x < 4.6.3 Multiple Vulnerabilities (PMASA-2016-17 - PMASA-2016-28)NessusCGI abuses
critical
99662phpMyAdmin 4.4.x < 4.4.15.7 Multiple Vulnerabilities (PMASA-2016-17, PMASA-2016-19, PMASA-2016-21 - PMASA-2016-24, PMASA-2016-26 - PMASA-2016-28)NessusCGI abuses
critical
99661phpMyAdmin 4.0.x < 4.0.10.16 Multiple Vulnerabilities (PMASA-2016-17, PMASA-2016-22 - PMASA-2016-24, PMASA-2016-26 - PMASA-2016-28)NessusCGI abuses
critical
96426GLSA-201701-32 : phpMyAdmin: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
92527Debian DSA-3627-1 : phpmyadmin - security updateNessusDebian Local Security Checks
high
92326Debian DLA-551-1 : phpmyadmin security updateNessusDebian Local Security Checks
high
91939FreeBSD : phpMyAdmin -- multiple vulnerabilities (e7028e1d-3f9b-11e6-81f9-6805ca0b3d42)NessusFreeBSD Local Security Checks
critical
91889openSUSE Security Update : phpMyAdmin (openSUSE-2016-806)NessusSuSE Local Security Checks
critical
91888openSUSE Security Update : phpMyAdmin (openSUSE-2016-804)NessusSuSE Local Security Checks
critical