CVE-2014-4207

MEDIUM

Description

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.

References

http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html

http://seclists.org/fulldisclosure/2014/Dec/23

http://secunia.com/advisories/60425

http://www.debian.org/security/2014/dsa-2985

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.securityfocus.com/bid/68593

http://www.securitytracker.com/id/1030578

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/94624

Details

Source: MITRE

Published: 2014-07-17

Updated: 2018-10-09

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:mysql:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.15:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.16:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.17:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.18:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.21:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.22:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.23:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.24:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.25:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.25:a:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.26:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.27:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.28:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.29:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.30:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.31:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.32:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.33:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.34:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.35:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.36:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to 5.5.37 (inclusive)

Configuration 2

OR

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
83716SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:0743-1)NessusSuSE Local Security Checks
high
82344Mandriva Linux Security Advisory : mariadb (MDVSA-2015:091)NessusMandriva Local Security Checks
high
8911Oracle MySQL 5.5.x < 5.5.38 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
79370Oracle Linux 7 : mariadb (ELSA-2014-1861)NessusOracle Linux Local Security Checks
medium
79369Oracle Linux 5 : mysql55-mysql (ELSA-2014-1859)NessusOracle Linux Local Security Checks
medium
79305Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64 (20141117)NessusScientific Linux Local Security Checks
medium
79304Scientific Linux Security Update : mariadb on SL7.x x86_64 (20141117)NessusScientific Linux Local Security Checks
medium
79303RHEL 7 : mariadb (RHSA-2014:1861)NessusRed Hat Local Security Checks
medium
79302RHEL 5 : mysql55-mysql (RHSA-2014:1859)NessusRed Hat Local Security Checks
high
79300CentOS 7 : mariadb (CESA-2014:1861)NessusCentOS Local Security Checks
medium
79299CentOS 5 : mysql55-mysql (CESA-2014:1859)NessusCentOS Local Security Checks
medium
77435SuSE 11.3 Security Update : MySQL (SAT Patch Number 9624)NessusSuSE Local Security Checks
medium
77434SuSE 11.3 Security Update : MySQL (SAT Patch Number 9624)NessusSuSE Local Security Checks
medium
76690Debian DSA-2985-1 : mysql-5.5 - security updateNessusDebian Local Security Checks
medium
76586Ubuntu 12.04 LTS / 14.04 LTS : mysql-5.5 vulnerabilities (USN-2291-1)NessusUbuntu Local Security Checks
medium
76529MySQL 5.5.x < 5.5.38 MySQL Multiple VulnerabilitiesNessusDatabases
medium