Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2016-2038

Published: 20 February 2016

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

Priority

Low

Cvss 3 Severity Score

5.3

Score breakdown

Status

Package Release Status
phpmyadmin
Launchpad, Ubuntu, Debian 		artful Not vulnerable
(4:4.5.4-1)
bionic Not vulnerable
(4:4.5.4-1)
cosmic Not vulnerable
(4:4.5.4-1)
disco Not vulnerable
(4:4.5.4-1)
eoan Does not exist

focal Not vulnerable
(4:4.5.4-1)
groovy Not vulnerable
(4:4.5.4-1)
hirsute Not vulnerable
(4:4.5.4-1)
impish Not vulnerable
(4:4.5.4-1)
jammy Not vulnerable
(4:4.5.4-1)
kinetic Not vulnerable
(4:4.5.4-1)
lunar Not vulnerable
(4:4.5.4-1)
mantic Not vulnerable
(4:4.5.4-1)
precise Ignored
(end of life)
trusty Needed

upstream
Released (4:4.5.4-1)
vivid Ignored
(end of life)
wily Ignored
(end of life)
xenial Not vulnerable
(4:4.5.4-1)
yakkety Not vulnerable
(4:4.5.4-1)
zesty Not vulnerable
(4:4.5.4-1)
Patches:
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/ac81596bfcf0b3cae9f6bc821efa4aa1c7f0c81d
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/8023340a259ecae6a3bd9268f4e39d097bdf0146
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/215f4a8ebe717ba646be00fca8519cf768a902f5
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/7056ca9458d26b24a6b1d9255073237c1636ca33
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/25738352df8057b542eeac3237eb6fd1d3ba4289
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/5b79467245b6e0a476775e2958b42088794f8e02
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/b39c02b0a82b13d2198276d228051139e6b838d9
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/470cd68344e86915679356dcc2cdb88c63a1d91d
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/b95360334d69b032b58cafb7d29db6670e9c7224
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/d63a8ab7e028925707902266fc989760118a4c72
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/879a14ad165b475ec58ceab33687d7cc5913a63b
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/d0a9baef3728a37120d53dc0a96abf04ace139da
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/5aee5035646c4fc617564cb0d3d58c0435d64d81
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/85ccdbb5b9c6c7a9830e5cb468662837a59a7aa3
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/447c88f4884fe30a25d38c331c31d820a19f8c93
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/f83b52737e321005959497d8e8f59f8aaedc9048
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/76b10187c38634a29d6780f99f6dcd796191073b
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/d4b9c22c1f8465bda5b6a83dc7e2cf59c3fe44e1

Severity score breakdown

Parameter Value
Base score 5.3
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact None
Availability impact None
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading