FreeBSD : phpMyAdmin -- XSS and DoS vulnerabilities (c9c46fbf-7b83-11e4-a96e-6805ca0b3d42)
Medium Nessus Plugin ID 79734
The remote FreeBSD host is missing a security-related update.
The phpMyAdmin development team reports:
DoS vulnerability with long passwords. With very long passwords it was possible to initiate a denial of service attack on phpMyAdmin. We consider this vulnerability to be serious. This vulnerability can be mitigated by configuring throttling in the webserver.
XSS vulnerability in redirection mechanism. With a crafted URL it was possible to trigger an XSS in the redirection mechanism in phpMyAdmin. We consider this vulnerability to be non-critical.