FreeBSD : phpMyAdmin -- Content spoofing vulnerability (08d11134-79c5-11e5-8987-6805ca0b3d42)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The phpMyAdmin development team reports :

This vulnerability allows an attacker to perform a content spoofing
attack using the phpMyAdmin's redirection mechanism to external sites.

We consider this vulnerability to be non critical since the spoofed
content is escaped and no HTML injection is possible.

See also :

https://www.phpmyadmin.net/security/PMASA-2015-5/
http://www.nessus.org/u?230c4bb8

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 86584 ()

Bugtraq ID:

CVE ID: CVE-2015-7873

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now