Executive Summary

Informations
NameCVE-2011-0986First vendor Publication2011-02-14
VendorCveLast vendor Modification2011-03-10

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0986

CWE : Common Weakness Enumeration

idName
CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application67

OpenVAS Exploits

DateDescription
2012-02-12Name : Gentoo Security Advisory GLSA 201201-01 (phpMyAdmin)
File : nvt/glsa_201201_01.nasl
2011-02-28Name : Fedora Update for phpMyAdmin FEDORA-2011-1373
File : nvt/gb_fedora_2011_1373_phpMyAdmin_fc13.nasl
2011-02-28Name : Fedora Update for phpMyAdmin FEDORA-2011-1408
File : nvt/gb_fedora_2011_1408_phpMyAdmin_fc14.nasl
2011-02-16Name : Mandriva Update for phpmyadmin MDVSA-2011:026 (phpmyadmin)
File : nvt/gb_mandriva_MDVSA_2011_026.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
72915phpMyAdmin Multiple Nonexistent File Direct Request Installation Path Disclosure

Nessus® Vulnerability Scanner

DateDescription
2012-01-05Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-01.nasl - Type : ACT_GATHER_INFO
2011-03-01Name : The remote Fedora host is missing a security update.
File : fedora_2011-1373.nasl - Type : ACT_GATHER_INFO
2011-03-01Name : The remote Fedora host is missing a security update.
File : fedora_2011-1408.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
CONFIRMhttp://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;...
http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php
FEDORAhttp://lists.fedoraproject.org/pipermail/package-announce/2011-February/05434...
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/05435...
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:026
SECUNIAhttp://secunia.com/advisories/43478
VUPENhttp://www.vupen.com/english/advisories/2011/0385
XFhttp://xforce.iss.net/xforce/xfdb/65424

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 11:00:49
  • Multiple Updates
2013-05-10 22:55:49
  • Multiple Updates