Vulnerability Name: CVE-2014-8961 (CCN-98885)

Assigned: 2014-11-20
Published: 2014-11-20
Updated: 2018-10-30
Summary: Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter.

CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None

CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None

Vulnerability Type: CWE-22
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2014-8961

Source: SUSE
Type: Third Party Advisory
openSUSE-SU-2014:1561

Source: MANDRIVA
Type: Broken Link
MDVSA-2014:228

Source: CCN
Type: phpMyAdmin Security Advisory PMASA-2014-16
Leakage of line count of an arbitrary file

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php

Source: BID
Type: UNKNOWN
71245

Source: CCN
Type: BID-71245
phpMyAdmin Error Reporting Feature Information Disclosure Vulnerability

Source: CCN
Type: Red Hat Bugzilla – Bug 1166637
(CVE-2014-8961) CVE-2014-8961 phpMyAdmin: leakage of line count of an arbitrary file (PMASA-2014-16)

Source: XF
Type: UNKNOWN
phpmyadmin-cve20148961-info-disclosure(98885)

Source: CONFIRM
Type: Patch, Vendor Advisory
https://github.com/phpmyadmin/phpmyadmin/commit/b99b6b6672ff2419f05b05740c80c7a23c1da994

Source: GENTOO
Type: UNKNOWN
GLSA-201505-03

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-8961

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:phpmyadmin:phpmyadmin:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.14.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.14.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.14.3:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.14.4:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.14.5:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.1.14.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.2.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.2.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.2.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.2.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.2.11:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:phpmyadmin:phpmyadmin:4.1.14.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.2.11:*:*:*:*:*:*:*

* Denotes that component is vulnerable

OVAL Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20148961 | V | CVE-2014-8961 | 2022-06-30 |
| oval:org.opensuse.security:def:113141 | P | phpMyAdmin-4.6.5.2-1.1 on GA media (Moderate) | 2022-01-17 |
| oval:org.opensuse.security:def:106569 | P | phpMyAdmin-4.6.5.2-1.1 on GA media (Moderate) | 2021-10-01 |
| oval:com.ubuntu.cosmic:def:201489610000000 | V | CVE-2014-8961 on Ubuntu 18.10 (cosmic) - low. | 2014-11-30 |
| oval:com.ubuntu.artful:def:20148961000 | V | CVE-2014-8961 on Ubuntu 17.10 (artful) - low. | 2014-11-30 |
| oval:com.ubuntu.trusty:def:20148961000 | V | CVE-2014-8961 on Ubuntu 14.04 LTS (trusty) - low. | 2014-11-30 |
| oval:com.ubuntu.bionic:def:201489610000000 | V | CVE-2014-8961 on Ubuntu 18.04 LTS (bionic) - low. | 2014-11-30 |
| oval:com.ubuntu.bionic:def:20148961000 | V | CVE-2014-8961 on Ubuntu 18.04 LTS (bionic) - low. | 2014-11-30 |
| oval:com.ubuntu.xenial:def:20148961000 | V | CVE-2014-8961 on Ubuntu 16.04 LTS (xenial) - low. | 2014-11-30 |
| oval:com.ubuntu.xenial:def:201489610000000 | V | CVE-2014-8961 on Ubuntu 16.04 LTS (xenial) - low. | 2014-11-30 |
| oval:com.ubuntu.cosmic:def:20148961000 | V | CVE-2014-8961 on Ubuntu 18.10 (cosmic) - low. | 2014-11-30 |
| oval:com.ubuntu.disco:def:201489610000000 | V | CVE-2014-8961 on Ubuntu 19.04 (disco) - low. | 2014-11-30 |
| oval:com.ubuntu.precise:def:20148961000 | V | CVE-2014-8961 on Ubuntu 12.04 LTS (precise) - low. | 2014-11-30 |