phpMyAdmin up to 4.5.5.0 X.509 Certificate Validation Config.class.php checkHTTP input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.6 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, was found in phpMyAdmin up to 4.5.5.0. Affected is the function checkHTTP of the file libraries/Config.class.php of the component X.509 Certificate Validation. The manipulation leads to input validation.
This vulnerability is traded as CVE-2016-2562. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Details
A vulnerability, which was classified as critical, has been found in phpMyAdmin up to 4.5.5.0 (Database Administration Software). This issue affects the function checkHTTP of the file libraries/Config.class.php of the component X.509 Certificate Validation. The manipulation with an unknown input leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. Impacted is confidentiality, and integrity. The summary by CVE is:
The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.
The weakness was disclosed 03/01/2016 (Website). The advisory is shared at phpmyadmin.net. The identification of this vulnerability is CVE-2016-2562 since 02/25/2016. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details are known, but no exploit is available.
By approaching the search of inurl:libraries/Config.class.php it is possible to find vulnerable targets with Google Hacking. The vulnerability scanner Nessus provides a plugin with the ID 89801 (Fedora 23 : php-udan11-sql-parser-3.4.0-1.fc23 / phpMyAdmin-4.5.5.1-1.fc23 (2016-65da02b95c)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Fedora Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 124992 (Fedora Security Update for php-udan11-sql-parser (FEDORA-2016-02ee5b4002)).
Upgrading to version 4.5.5.1 eliminates this vulnerability. A possible mitigation has been published 2 weeks after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (89801), SecurityFocus (BID 83717†) and Vulnerability Center (SBV-57257†). The entries VDB-81134, VDB-81135 and VDB-81136 are pretty similar. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.8VulDB Meta Temp Score: 6.6
VulDB Base Score: 6.8
VulDB Temp Score: 6.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
Google Hack: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 89801
Nessus Name: Fedora 23 : php-udan11-sql-parser-3.4.0-1.fc23 / phpMyAdmin-4.5.5.1-1.fc23 (2016-65da02b95c)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 800373
OpenVAS Name: Fedora Update for php-udan11-sql-parser FEDORA-2016-65
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: phpMyAdmin 4.5.5.1
Patch: github.com
Timeline
02/25/2016 🔍02/25/2016 🔍
02/25/2016 🔍
03/01/2016 🔍
03/01/2016 🔍
03/02/2016 🔍
03/09/2016 🔍
03/10/2016 🔍
03/14/2016 🔍
07/08/2022 🔍
Sources
Product: phpmyadmin.netAdvisory: FEDORA-2016-65da02b95c
Status: Not defined
Confirmation: 🔍
CVE: CVE-2016-2562 (🔍)
GCVE (CVE): GCVE-0-2016-2562
GCVE (VulDB): GCVE-100-81137
SecurityFocus: 83717 - phpMyAdmin CVE-2016-2562 SSL Certificate Validation Security Bypass Vulnerability
Vulnerability Center: 57257 - phpMyAdmin 4.5 Remote Man-in-the-Middle Attack, Spoofing and Information Disclosure on API Call to GitHub, Medium
See also: 🔍
Entry
Created: 03/02/2016 01:52 PMUpdated: 07/08/2022 07:05 PM
Changes: 03/02/2016 01:52 PM (74), 01/31/2019 01:35 PM (13), 07/08/2022 06:49 PM (5), 07/08/2022 06:57 PM (1), 07/08/2022 07:05 PM (1)
Complete: 🔍
Cache ID: 18:3F1:40
No comments yet. Languages: en.
Please log in to comment.