Descriptionlibraries/select_lang.lib.php in phpMyAdmin 4.0.x before 18.104.22.168, 4.2.x before 22.214.171.124, and 4.3.x before 126.96.36.199 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- openSUSE-SU-2015:1191-1, published Sat, 4 Jul 2015 12:05:49 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE 13.1|| ||Patchnames:
|openSUSE Tumbleweed|| ||Patchnames:
openSUSE Tumbleweed GA phpMyAdmin