Published: 08/12/2014 Updated: 08/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

libraries/common.inc.php in phpMyAdmin 4.0.x prior to 4.0.10.7, 4.1.x prior to 4.1.14.8, and 4.2.x prior to 4.2.13.1 allows remote malicious users to cause a denial of service (resource consumption) via a long password.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 4.1.14.1
phpmyadmin phpmyadmin 4.1.14.3
phpmyadmin phpmyadmin 4.1.7
phpmyadmin phpmyadmin 4.1.8
phpmyadmin phpmyadmin 4.2.10.1
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.8
phpmyadmin phpmyadmin 4.2.8.1
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.1.11
phpmyadmin phpmyadmin 4.1.12
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.1.4
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.2.11
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.2.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.1.13
phpmyadmin phpmyadmin 4.1.14
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 4.1.6
phpmyadmin phpmyadmin 4.2.12
phpmyadmin phpmyadmin 4.2.13
phpmyadmin phpmyadmin 4.2.10
phpmyadmin phpmyadmin 4.2.7
phpmyadmin phpmyadmin 4.2.7.1
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.1.1
phpmyadmin phpmyadmin 4.1.10
phpmyadmin phpmyadmin 4.1.14.6
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 4.1.9
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.2.9
phpmyadmin phpmyadmin 4.2.9.1

Debian Bug report logs - #774194 phpmyadmin: CVE-2014-9218 CVE-2014-9219 Package: phpmyadmin; Maintainer for phpmyadmin is Thijs Kinkhorst <thijs@debianorg>; Source for phpmyadmin is src:phpmyadmin (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Tue, 30 Dec 2014 02:21:01 UTC Severity: g ...

Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL CVE-2014-8958 (Wheezy only) Multiple cross-site scripting (XSS) vulnerabilities CVE-2014-9218 (Wheezy only) Denial of service (resource consumption) via a long password CVE-2015-2206 Risk of BREACH attack due to reflected parameter CVE-2015- ...

============= DESCRIPTION: ============= A vulnerability present in in phpMyAdmin 40x before 40107, 41 x before 41148, and 42x before 42131 allows remote attackers to cause a denial of service (resource consumption) via a long password CVE-2014-9218 was assigned ============= Time Line: ============= December 3, 2014 - A phpMyAdmi ...

CWE-399 http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php https://github.com/phpmyadmin/phpmyadmin/commit/62b2c918d26cc78d1763945e3d44d1a63294a819 https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1 https://github.com/phpmyadmin/phpmyadmin/commit/095729d81205f15f40d216d25917017da4c2fff8 http://www.mandriva.com/security/advisories?name=MDVSA-2014:243 http://www.securityfocus.com/bid/71434 http://www.debian.org/security/2015/dsa-3382 https://exchange.xforce.ibmcloud.com/vulnerabilities/99140 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774194 https://nvd.nist.gov https://www.exploit-db.com/exploits/35539/https://www.debian.org/security/./dsa-3382

CVE-2014-9218

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect