Security Features in phpmyadmin (Alpine package)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-9851 |
| CWE-ID | CWE-254 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
phpmyadmin (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Security Features
EUVDB-ID: #VU33572
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-9851
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.
MitigationInstall update from vendor's website.
Vulnerable software versionsphpmyadmin (Alpine package): 4.4.7-r0 - 4.4.15.8-r0
CPE2.3- cpe:2.3:a:alpine:phpmyadmin_alpine_package:4.4.7-r0:*:*:*:*:alpine_linux:*:3.1
- cpe:2.3:a:alpine:phpmyadmin_alpine_package:4.4.15-r0:*:*:*:*:alpine_linux:*:3.1
- cpe:2.3:a:alpine:phpmyadmin_alpine_package:4.4.15.1-r0:*:*:*:*:alpine_linux:*:3.1
https://git.alpinelinux.org/aports/commit/?id=3c5da8c4643bf2ec21c87b1c68b3ad2c149fc3b9
https://git.alpinelinux.org/aports/commit/?id=b36b3560d17cde1b9b07e17906ea6b7612b04cce
https://git.alpinelinux.org/aports/commit/?id=a35fc5fa306c1b74cf13f5f8a6624b47b0409a82
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
