PhpMyAdmin Denial-of-Service Vulnerability -01 Dec14 Network Vulnerability

Summary

This host is installed with phpMyAdmin and is prone to denial-of-service vulnerability.

Impact

Successful exploitation will allow remote attackers to cause the affected application to crash, denying service to legitimate users. Impact Level: Application

Solution

Upgrade to phpMyAdmin 4.0.10.7 or 4.1.14.8 or 4.2.13.1 or later. For updates refer http://www.phpmyadmin.net

Insight

The flaw exists due to an error triggered during the handling of long passwords

Affected

phpMyAdmin versions 4.0.x prior to 4.0.10.7, 4.1.x prior to 4.1.14.8 and 4.2.x prior to 4.2.13.1

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://1337day.com/exploit/23007
http://osvdb.org/115322
http://secunia.com/advisories/60454
http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
http://xforce.iss.net/xforce/xfdb/99140

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-9218
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apple Safari JavaScript 'Reload()' DoS Vulnerability - July09
Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
ClamAV LZH File Unpacking Denial of Service Vulnerability (Linux)
Django Forms Library Algorithmic Complexity Vulnerability
ClamAV Hash Manager Off-By-One Denial of Service Vulnerability (Win)

phpMyAdmin Denial-of-Service Vulnerability -01 Dec14

Take action and discover your vulnerabilities