vuln-list-alt/oval/p9/ALT-PU-2014-2138/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20142138",
      "Version": "oval:org.altlinux.errata:def:20142138",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2014-2138: package `phpMyAdmin` update to version 4.2.8.1-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p9"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2014-2138",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2014-2138",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2014-6300",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-6300",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades phpMyAdmin to version 4.2.8.1-alt1. \nSecurity Fix(es):\n\n * CVE-2014-6300: Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2014-09-14"
          },
          "Updated": {
            "Date": "2014-09-14"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2014-6300",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CWE": "CWE-79",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-6300",
              "Impact": "Low",
              "Public": "20141108"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:kworkstation:9",
              "cpe:/o:alt:workstation:9",
              "cpe:/o:alt:server:9",
              "cpe:/o:alt:server-v:9",
              "cpe:/o:alt:education:9",
              "cpe:/o:alt:slinux:9",
              "cpe:/o:alt:starterkit:p9",
              "cpe:/o:alt:kworkstation:9.1",
              "cpe:/o:alt:workstation:9.1",
              "cpe:/o:alt:server:9.1",
              "cpe:/o:alt:server-v:9.1",
              "cpe:/o:alt:education:9.1",
              "cpe:/o:alt:slinux:9.1",
              "cpe:/o:alt:starterkit:9.1",
              "cpe:/o:alt:kworkstation:9.2",
              "cpe:/o:alt:workstation:9.2",
              "cpe:/o:alt:server:9.2",
              "cpe:/o:alt:server-v:9.2",
              "cpe:/o:alt:education:9.2",
              "cpe:/o:alt:slinux:9.2",
              "cpe:/o:alt:starterkit:9.2"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:1001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20142138001",
                "Comment": "phpMyAdmin is earlier than 0:4.2.8.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20142138002",
                "Comment": "phpMyAdmin-apache is earlier than 0:4.2.8.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20142138003",
                "Comment": "phpMyAdmin-apache2 is earlier than 0:4.2.8.1-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}