Bug 960282 (CVE-2015-8669) - VUL-0: CVE-2015-8669: phpMyAdmin: remote information leak via crafted HTTP requests
Summary: VUL-0: CVE-2015-8669: phpMyAdmin: remote information leak via crafted HTTP r...
Status: RESOLVED FIXED
Alias: CVE-2015-8669
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 42.1
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/160118/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-12-28 13:46 UTC by Victor Pereira
Modified: 2016-06-06 14:12 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2015-12-28 13:46:24 UTC 
CVE-2015-8669

libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x
before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain
sensitive information via a crafted request, which reveals the full path in an
error message.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8669
http://www.cvedetails.com/cve/CVE-2015-8669/
https://www.phpmyadmin.net/security/PMASA-2015-6/
https://github.com/phpmyadmin/phpmyadmin/commit/c4d649325b25139d7c097e56e2e46cc7187fae45
Comment 1 Swamp Workflow Management 2015-12-28 23:00:22 UTC 
bugbot adjusting priority
Comment 2 Andreas Stieger 2016-01-04 09:46:24 UTC 
https://build.opensuse.org/request/show/351858
Comment 3 Andreas Stieger 2016-01-11 10:07:48 UTC 
releasing update
Comment 4 Swamp Workflow Management 2016-01-11 13:11:56 UTC 
openSUSE-SU-2016:0067-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 960282,960854
CVE References: CVE-2015-8669
Sources used:
openSUSE Leap 42.1 (src):    phpMyAdmin-4.4.15.2-8.1
openSUSE 13.2 (src):    phpMyAdmin-4.4.15.2-22.1
openSUSE 13.1 (src):    phpMyAdmin-4.4.15.2-42.1