FreeBSD : phpMyAdmin -- Path disclosure due to missing verification of file presence (a81161d2-790f-11e1-ac16-e0cb4e266481)

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The phpMyAdmin development team reports :

The show_config_errors.php scripts did not validate the presence of
the configuration file, so an error message shows the full path of
this file, leading to possible further attacks. For the error messages
to be displayed, php.ini's error_reporting must be set to E_ALL and
display_errors must be On (these settings are not recommended on a
production server in the PHP manual).

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php
http://www.nessus.org/u?95587a5b

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 58520 ()

Bugtraq ID:

CVE ID: CVE-2012-1902

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now