CVE-2013-3839

MEDIUM

Description

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

References

http://rhn.redhat.com/errata/RHSA-2014-0173.html

http://rhn.redhat.com/errata/RHSA-2014-0186.html

http://rhn.redhat.com/errata/RHSA-2014-0189.html

http://secunia.com/advisories/55291

http://security.gentoo.org/glsa/glsa-201409-04.xml

http://www.debian.org/security/2013/dsa-2780

http://www.debian.org/security/2013/dsa-2818

http://www.mandriva.com/security/advisories?name=MDVSA-2013:250

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

http://www.securityfocus.com/bid/63109

http://www.securitytracker.com/id/1029184

http://www.ubuntu.com/usn/USN-2006-1

Details

Source: MITRE

Published: 2013-10-16

Updated: 2017-01-07

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 4

Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:mysql:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.15:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.16:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.17:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.18:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.21:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.22:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.23:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.24:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.25:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.25:a:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.26:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.27:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.28:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.29:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.30:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.31:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to 5.5.32 (inclusive)

Configuration 2

OR

cpe:2.3:a:oracle:mysql:5.6.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to 5.6.12 (inclusive)

Configuration 3

OR

cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.52:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.53:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.54:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.55:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.56:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.57:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.58:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.59:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.60:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.61:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.62:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.63:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.64:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.65:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.66:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.67:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.68:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.69:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to 5.1.70 (inclusive)

Tenable Plugins

View all (19 total)

ID	Name	Product	Family	Severity
80195	Juniper Junos Space < 13.3R1.8 Multiple Vulnerabilities (JSA10627)	Nessus	Junos Local Security Checks	critical
77548	GLSA-201409-04 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
72864	CentOS 6 : mariadb55-mariadb (CESA-2014:0189)	Nessus	CentOS Local Security Checks	high
72863	CentOS 6 : mysql55-mysql (CESA-2014:0173)	Nessus	CentOS Local Security Checks	high
72592	CentOS 5 : mysql55-mysql (CESA-2014:0186)	Nessus	CentOS Local Security Checks	high
72569	Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
72568	RHEL 5 : mysql55-mysql (RHSA-2014:0186)	Nessus	Red Hat Local Security Checks	high
72566	Oracle Linux 5 : mysql55-mysql (ELSA-2014-0186)	Nessus	Oracle Linux Local Security Checks	high
71474	Debian DSA-2818-1 : mysql-5.5 - several vulnerabilities	Nessus	Debian Local Security Checks	medium
70902	Amazon Linux AMI : mysql51 (ALAS-2013-240)	Nessus	Amazon Linux Local Security Checks	medium
70822	Fedora 20 : community-mysql-5.5.34-1.fc20 (2013-19601)	Nessus	Fedora Local Security Checks	medium
70736	Fedora 19 : community-mysql-5.5.34-1.fc19 (2013-19654)	Nessus	Fedora Local Security Checks	medium
70735	Fedora 18 : mysql-5.5.34-1.fc18 (2013-19648)	Nessus	Fedora Local Security Checks	medium
70606	Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-2006-1)	Nessus	Ubuntu Local Security Checks	medium
70502	Debian DSA-2780-1 : mysql-5.1 - several vulnerabilities	Nessus	Debian Local Security Checks	critical
70463	MySQL 5.6.x < 5.6.13 Multiple Vulnerabilities	Nessus	Databases	medium
70462	MySQL 5.5 < 5.5.33 Multiple Vulnerabilities	Nessus	Databases	medium
70461	MySQL 5.1 < 5.1.71 Server Optimizer Denial of Service	Nessus	Databases	critical
8029	Oracle MySQL 5.x < 5.6.13 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium