FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- XSS and DoS vulnerabilities

Affected packages
4.2.0 <= phpMyAdmin < 4.2.13.1

Details

VuXML ID c9c46fbf-7b83-11e4-a96e-6805ca0b3d42
Discovery 2014-12-03
Entry 2014-12-04

The phpMyAdmin development team reports:

DoS vulnerability with long passwords.

With very long passwords it was possible to initiate a denial of service attack on phpMyAdmin.

We consider this vulnerability to be serious.

This vulnerability can be mitigated by configuring throttling in the webserver.

XSS vulnerability in redirection mechanism.

With a crafted URL it was possible to trigger an XSS in the redirection mechanism in phpMyAdmin.

We consider this vulnerability to be non-critical.

References

CVE Name CVE-2014-9218
CVE Name CVE-2014-9219
URL http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php