NVD

Id
18760  
Name
CVE-2016-2562  
Description
The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.  
Reject
 
CVSS Version
2  
CVSS Score
5.8  
Severity
Medium  
CVSS Base Score
5.8  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-19  
Published
2016-03-01  
Modified Date
2016-12-02  
Seq
2016-2562  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
103742 18760 CVE-2016-2562 FEDORA-2016-65da02b95c  View
103743 18760 CVE-2016-2562 FEDORA-2016-02ee5b4002  View
103744 18760 CVE-2016-2562 https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976  View
103745 18760 CVE-2016-2562 https://www.phpmyadmin.net/security/PMASA-2016-13/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
794 JVNDB-2016-001567 phpMyAdmin の libraries/Config.class.php の checkHTTP 関数におけるサーバになりすまされる脆弱性 phpMyAdmin の libraries/Config.class.php の checkHTTP 関数は、api.github.com SSL サーバからの X.509 証明書を検証しないため、サーバになりすまされ、重要な情報を取得される脆弱性が存在します。 CVE-2016-2562 89068 CVE-2016-2562 18760 5.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-001567.html 2016-02-25 2016-03-04 View