CVE Vulnerabilities

CVE-2016-6629

Published: Dec 11, 2016 | Modified: Jul 01, 2017
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

An issue was discovered in phpMyAdmin involving the $cfg[ArbitraryServerRegexp] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Affected Software

Name Vendor Start Version End Version
Phpmyadmin Phpmyadmin 4.6.0 (including) 4.6.0 (including)
Phpmyadmin Phpmyadmin 4.6.1 (including) 4.6.1 (including)
Phpmyadmin Phpmyadmin 4.6.2 (including) 4.6.2 (including)
Phpmyadmin Phpmyadmin 4.6.3 (including) 4.6.3 (including)
Phpmyadmin Ubuntu esm-apps/xenial *
Phpmyadmin Ubuntu esm-infra-legacy/trusty *
Phpmyadmin Ubuntu precise *
Phpmyadmin Ubuntu trusty *
Phpmyadmin Ubuntu trusty/esm *
Phpmyadmin Ubuntu upstream *
Phpmyadmin Ubuntu xenial *

References