Login

Tenable Community & Support

Tenable University

CVE-2014-0402

MEDIUM

Description

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

References

http://osvdb.org/102068

http://rhn.redhat.com/errata/RHSA-2014-0164.html

http://rhn.redhat.com/errata/RHSA-2014-0173.html

http://rhn.redhat.com/errata/RHSA-2014-0186.html

http://rhn.redhat.com/errata/RHSA-2014-0189.html

http://secunia.com/advisories/56491

http://secunia.com/advisories/56541

http://secunia.com/advisories/56580

http://security.gentoo.org/glsa/glsa-201409-04.xml

http://ubuntu.com/usn/usn-2086-1

http://www.debian.org/security/2014/dsa-2845

http://www.debian.org/security/2014/dsa-2848

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

http://www.securityfocus.com/bid/64758

http://www.securityfocus.com/bid/64908

https://exchange.xforce.ibmcloud.com/vulnerabilities/90379

Details

Source: MITRE

Published: 2014-01-15

Updated: 2019-12-17

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.31:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.34:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.37:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.23:a:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.24:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.25:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.26:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.27:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.28:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.29:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.31:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.33:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.34:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.35:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.36:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.37:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.38:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.39:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.40:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.40:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.41:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.42:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.43:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.43:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.44:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.45:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.46:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.46:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.47:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.48:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.49:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.49:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.50:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.52:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.52:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.53:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.54:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.55:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.56:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.57:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.58:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.59:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.60:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.61:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.62:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.63:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.64:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.65:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.66:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.67:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.68:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.69:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.70:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to 5.1.71 (inclusive)

Configuration 2

OR

cpe:2.3:a:oracle:mysql:5.6.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to 5.6.13 (inclusive)

Configuration 3

OR

cpe:2.3:a:oracle:mysql:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.15:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.16:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.17:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.18:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.21:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.22:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.23:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.24:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.25:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.25:a:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.26:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.27:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.28:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.29:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.30:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.31:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.32:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to 5.5.33 (inclusive)

Tenable Plugins

View all (26 total)

ID	Name	Product	Family	Severity
96790	OracleVM 3.3 / 3.4 : mysql (OVMSA-2017-0035)	Nessus	OracleVM Local Security Checks	critical
82672	F5 Networks BIG-IP : Multiple MySQL vulnerabilities (K16389)	Nessus	F5 Networks Local Security Checks	medium
77548	GLSA-201409-04 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
74373	SuSE 11.3 Security Update : MySQL (SAT Patch Number 9303)	Nessus	SuSE Local Security Checks	critical
72946	Amazon Linux AMI : mysql51 (ALAS-2014-298)	Nessus	Amazon Linux Local Security Checks	high
72864	CentOS 6 : mariadb55-mariadb (CESA-2014:0189)	Nessus	CentOS Local Security Checks	high
72863	CentOS 6 : mysql55-mysql (CESA-2014:0173)	Nessus	CentOS Local Security Checks	high
72592	CentOS 5 : mysql55-mysql (CESA-2014:0186)	Nessus	CentOS Local Security Checks	high
72569	Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64 (20140218)	Nessus	Scientific Linux Local Security Checks	high
72568	RHEL 5 : mysql55-mysql (RHSA-2014:0186)	Nessus	Red Hat Local Security Checks	high
72566	Oracle Linux 5 : mysql55-mysql (ELSA-2014-0186)	Nessus	Oracle Linux Local Security Checks	high
72495	Mandriva Linux Security Advisory : mariadb (MDVSA-2014:028)	Nessus	Mandriva Local Security Checks	high
72491	CentOS 6 : mysql (CESA-2014:0164)	Nessus	CentOS Local Security Checks	high
72477	Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20140212)	Nessus	Scientific Linux Local Security Checks	high
72474	RHEL 6 : mysql (RHSA-2014:0164)	Nessus	Red Hat Local Security Checks	high
72471	Oracle Linux 6 : mysql (ELSA-2014-0164)	Nessus	Oracle Linux Local Security Checks	high
72374	MariaDB 5.5 < 5.5.35 Multiple Vulnerabilities	Nessus	Databases	high
72109	Debian DSA-2848-1 : mysql-5.5 - several vulnerabilities	Nessus	Debian Local Security Checks	medium
8089	Oracle MySQL 5.5.x < 5.5.35 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
8088	Oracle MySQL 5.1.x < 5.1.73 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
8082	Oracle MySQL 5.6.x < 5.6.15 Remote Code Execution	Nessus Network Monitor	Database	medium
72089	Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-2086-1)	Nessus	Ubuntu Local Security Checks	medium
72010	Debian DSA-2845-1 : mysql-5.1 - several vulnerabilities	Nessus	Debian Local Security Checks	medium
71975	MySQL 5.6.x < 5.6.14 Multiple Vulnerabilities	Nessus	Databases	low
71973	MySQL 5.5 < 5.5.34 Multiple Vulnerabilities	Nessus	Databases	medium
71971	MySQL 5.1.x < 5.1.72 Multiple Vulnerabilities	Nessus	Databases	low