Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-2562

The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.

Published

2016-03-01T11:59:04.643

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	phpmyadmin	phpmyadmin	4.5.0	Yes
Application	phpmyadmin	phpmyadmin	4.5.0	Yes
Application	phpmyadmin	phpmyadmin	4.5.0	Yes
Application	phpmyadmin	phpmyadmin	4.5.0	Yes
Application	phpmyadmin	phpmyadmin	4.5.0.1	Yes
Application	phpmyadmin	phpmyadmin	4.5.0.2	Yes
Application	phpmyadmin	phpmyadmin	4.5.1	Yes
Application	phpmyadmin	phpmyadmin	4.5.2	Yes
Application	phpmyadmin	phpmyadmin	4.5.3	Yes
Application	phpmyadmin	phpmyadmin	4.5.3.1	Yes
Application	phpmyadmin	phpmyadmin	4.5.4	Yes
Application	phpmyadmin	phpmyadmin	4.5.4.1	Yes
Application	phpmyadmin	phpmyadmin	4.5.5	Yes

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976 Patch ([email protected])
https://www.phpmyadmin.net/security/PMASA-2016-13/ Patch, Vendor Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://www.phpmyadmin.net/security/PMASA-2016-13/ Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)