Svi
Pretraži prema proizvođaču
Pretraži prema CWE oznaci
O usluzi
Pretplate
Jezik
hr
en
CVE-2008-3456 - CERT CVE
CVE-2008-3456
ID
CVE-2008-3456
Sažetak
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.
Reference
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://secunia.com/advisories/31263
http://secunia.com/advisories/31312
http://secunia.com/advisories/32834
http://www.debian.org/security/2008/dsa-1641
http://www.mandriva.com/security/advisories?name=MDVSA-2008:202
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6
http://www.securityfocus.com/bid/30420
http://www.vupen.com/english/advisories/2008/2226/references
http://yehg.net/lab/pr0js/advisories/Cross-Site_Framing_inphpMyAdmin2.11.7.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44050
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01239.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01316.html
CVSS
Base:
6.4
Impact:
4.9
Exploitability:
10.0
Pristup
Vektor
Složenost
Autentikacija
NETWORK
LOW
NONE
Impact
Povjerljivost
Cjelovitost
Dostupnost
NONE
PARTIAL
PARTIAL
CVSS vektor
AV:N/AC:L/Au:N/C:N/I:P/A:P
Zadnje važnije ažuriranje
08-08-2017 - 01:31
Objavljeno
04-08-2008 - 19:41