Vulnerability Name:

CVE-2015-7873 (CCN-107768)

Assigned: 2015-10-23
Published: 2015-10-23
Updated: 2016-12-07
Summary: The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.
CVSS v3 Severity: 4.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
4.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-254
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2015-7873

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-287c164df5

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-5c06260c4b

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-17908c56c1

Source: CCN
Type: SECTRACK ID: 1034013
phpMyAdmin Bug in Redirection Mechanism Lets Remote Users Spoof Content

Source: DEBIAN
Type: UNKNOWN
DSA-3382

Source: BID
Type: UNKNOWN
77299

Source: CCN
Type: BID-77299
phpMyAdmin CVE-2015-7873 Content Spoofing Vulnerability

Source: SECTRACK
Type: UNKNOWN
1034013

Source: XF
Type: UNKNOWN
phpmyadmin-cve20157873-open-redirect(107768)

Source: CONFIRM
Type: UNKNOWN
https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706

Source: CCN
Type: phpMyAdmin Security Advisory PMASA-2015-5
Content spoofing vulnerability when redirecting user to an external site

Source: CONFIRM
Type: Patch, Vendor Advisory
https://www.phpmyadmin.net/security/PMASA-2015-5/

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-7873

Vulnerable Configuration: Configuration 1:
  • cpe:/a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.14:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:4.5.0.2:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20157873 | V | CVE-2015-7873 | 2022-06-30
    oval:org.opensuse.security:def:113141 | P | phpMyAdmin-4.6.5.2-1.1 on GA media (Moderate) | 2022-01-17
    oval:org.opensuse.security:def:106569 | P | phpMyAdmin-4.6.5.2-1.1 on GA media (Moderate) | 2021-10-01
    oval:org.cisecurity:def:283 | P | DSA-3382-1 phpmyadmin -- security update | 2016-02-08
    oval:com.ubuntu.bionic:def:201578730000000 | V | CVE-2015-7873 on Ubuntu 18.04 LTS (bionic) - low. | 2015-10-28
    oval:com.ubuntu.artful:def:20157873000 | V | CVE-2015-7873 on Ubuntu 17.10 (artful) - low. | 2015-10-28
    oval:com.ubuntu.xenial:def:20157873000 | V | CVE-2015-7873 on Ubuntu 16.04 LTS (xenial) - low. | 2015-10-28
    oval:com.ubuntu.xenial:def:201578730000000 | V | CVE-2015-7873 on Ubuntu 16.04 LTS (xenial) - low. | 2015-10-28
    oval:com.ubuntu.bionic:def:20157873000 | V | CVE-2015-7873 on Ubuntu 18.04 LTS (bionic) - low. | 2015-10-28
    oval:com.ubuntu.precise:def:20157873000 | V | CVE-2015-7873 on Ubuntu 12.04 LTS (precise) - low. | 2015-10-28
    oval:com.ubuntu.trusty:def:20157873000 | V | CVE-2015-7873 on Ubuntu 14.04 LTS (trusty) - low. | 2015-10-28
    phpmyadmin phpmyadmin 4.4.0
    phpmyadmin phpmyadmin 4.4.1
    phpmyadmin phpmyadmin 4.4.1.1
    phpmyadmin phpmyadmin 4.4.2
    phpmyadmin phpmyadmin 4.4.3
    phpmyadmin phpmyadmin 4.4.4
    phpmyadmin phpmyadmin 4.4.5
    phpmyadmin phpmyadmin 4.4.6
    phpmyadmin phpmyadmin 4.4.6.1
    phpmyadmin phpmyadmin 4.4.7
    phpmyadmin phpmyadmin 4.4.8
    phpmyadmin phpmyadmin 4.4.9
    phpmyadmin phpmyadmin 4.4.10
    phpmyadmin phpmyadmin 4.4.11
    phpmyadmin phpmyadmin 4.4.12
    phpmyadmin phpmyadmin 4.4.13
    phpmyadmin phpmyadmin 4.4.13.1
    phpmyadmin phpmyadmin 4.4.14
    phpmyadmin phpmyadmin 4.4.14.1
    phpmyadmin phpmyadmin 4.4.15
    phpmyadmin phpmyadmin 4.5.0
    phpmyadmin phpmyadmin 4.5.0.1
    phpmyadmin phpmyadmin 4.5.0.2
    phpmyadmin phpmyadmin 4.4.15