pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
965bfc23c8
vuln-list-alt/oval/c9f2/ALT-PU-2016-1758/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

286 lines
14 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20161758",
"Version": "oval:org.altlinux.errata:def:20161758",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2016-1758: package `phpMyAdmin` update to version 4.6.3-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2016-1758",
"RefURL": "https://errata.altlinux.org/ALT-PU-2016-1758",
"Source": "ALTPU"
},
{
"RefID": "CVE-2016-5097",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5097",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5099",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5099",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5701",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5701",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5702",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5702",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5703",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5703",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5704",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5704",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5705",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5705",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5706",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5706",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5730",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5730",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5731",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5731",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5732",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5732",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5733",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5733",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5734",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5734",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5739",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5739",
"Source": "CVE"
},
{
"RefID": "CVE-2016-6621",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-6621",
"Source": "CVE"
}
],
"Description": "This update upgrades phpMyAdmin to version 4.6.3-alt1. \nSecurity Fix(es):\n\n * CVE-2016-5097: phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.\n\n * CVE-2016-5099: Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.\n\n * CVE-2016-5701: setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.\n\n * CVE-2016-5702: phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.\n\n * CVE-2016-5703: SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.\n\n * CVE-2016-5704: Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.\n\n * CVE-2016-5705: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an \"invalid JSON\" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.\n\n * CVE-2016-5706: js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.\n\n * CVE-2016-5730: phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.\n\n * CVE-2016-5731: Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.\n\n * CVE-2016-5732: Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters.\n\n * CVE-2016-5733: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.\n\n * CVE-2016-5734: phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.\n\n * CVE-2016-5739: The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.\n\n * CVE-2016-6621: The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2016-07-15"
},
"Updated": {
"Date": "2016-07-15"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2016-5097",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5097",
"Impact": "Low",
"Public": "20160705"
},
{
"ID": "CVE-2016-5099",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5099",
"Impact": "Low",
"Public": "20160705"
},
{
"ID": "CVE-2016-5701",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-74",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5701",
"Impact": "Low",
"Public": "20160703"
},
{
"ID": "CVE-2016-5702",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-254",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5702",
"Impact": "Low",
"Public": "20160703"
},
{
"ID": "CVE-2016-5703",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-89",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5703",
"Impact": "Critical",
"Public": "20160703"
},
{
"ID": "CVE-2016-5704",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5704",
"Impact": "Low",
"Public": "20160703"
},
{
"ID": "CVE-2016-5705",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5705",
"Impact": "Low",
"Public": "20160703"
},
{
"ID": "CVE-2016-5706",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5706",
"Impact": "High",
"Public": "20160703"
},
{
"ID": "CVE-2016-5730",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5730",
"Impact": "Low",
"Public": "20160703"
},
{
"ID": "CVE-2016-5731",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5731",
"Impact": "Low",
"Public": "20160703"
},
{
"ID": "CVE-2016-5732",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5732",
"Impact": "Low",
"Public": "20160703"
},
{
"ID": "CVE-2016-5733",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5733",
"Impact": "Low",
"Public": "20160703"
},
{
"ID": "CVE-2016-5734",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-94",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5734",
"Impact": "Critical",
"Public": "20160703"
},
{
"ID": "CVE-2016-5739",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5739",
"Impact": "High",
"Public": "20160703"
},
{
"ID": "CVE-2016-6621",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-918",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-6621",
"Impact": "High",
"Public": "20170131"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20161758001",
"Comment": "phpMyAdmin is earlier than 0:4.6.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161758002",
"Comment": "phpMyAdmin-apache2 is earlier than 0:4.6.3-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink