VPR Score: 2.5
Synopsis
The remote Mandriva Linux host is missing one or more security updates.
Description
A vulnerability has been discovered and corrected in phpmyadmin:
libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 188.8.131.52, 4.2.x before 184.108.40.206, and 4.3.x before 220.127.116.11 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests (CVE-2015-2206).
This upgrade provides the latest phpmyadmin version (18.104.22.168) to address this vulnerability.
Additionally, the phpseclib package has been upgraded to the 0.3.10 version.
Solution
Update the affected phpmyadmin and / or phpseclib packages.