CVE-2015-0505

LOW

Description

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

References

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html

http://rhn.redhat.com/errata/RHSA-2015-1628.html

http://rhn.redhat.com/errata/RHSA-2015-1629.html

http://rhn.redhat.com/errata/RHSA-2015-1647.html

http://rhn.redhat.com/errata/RHSA-2015-1665.html

http://www.debian.org/security/2015/dsa-3229

http://www.debian.org/security/2015/dsa-3311

http://www.mandriva.com/security/advisories?name=MDVSA-2015:227

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

http://www.securityfocus.com/bid/74112

http://www.securitytracker.com/id/1032121

http://www.ubuntu.com/usn/USN-2575-1

https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/

https://security.gentoo.org/glsa/201507-19

Details

Source: MITRE

Published: 2015-04-16

Updated: 2019-02-01

Risk Information

CVSS v2.0

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*

Configuration 2

OR

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.5.0 to 5.5.42 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.6.0 to 5.6.23 (inclusive)

Configuration 3

OR

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Tenable Plugins

View all (21 total)

IDNameProductFamilySeverity
86088GLSA-201507-19 : MySQL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
85635CentOS 7 : mariadb (CESA-2015:1665) (BACKRONYM)NessusCentOS Local Security Checks
medium
85622Scientific Linux Security Update : mariadb on SL7.x x86_64 (20150824) (BACKRONYM)NessusScientific Linux Local Security Checks
medium
85616RHEL 7 : mariadb (RHSA-2015:1665) (BACKRONYM)NessusRed Hat Local Security Checks
medium
85612Oracle Linux 7 : mariadb (ELSA-2015-1665) (BACKRONYM)NessusOracle Linux Local Security Checks
medium
85499Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64 (20150817)NessusScientific Linux Local Security Checks
high
85488Oracle Linux 5 : mysql55-mysql (ELSA-2015-1628)NessusOracle Linux Local Security Checks
high
85460CentOS 5 : mysql55-mysql (CESA-2015:1628)NessusCentOS Local Security Checks
high
85443RHEL 5 : mysql55-mysql (RHSA-2015:1628)NessusRed Hat Local Security Checks
high
84913SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM)NessusSuSE Local Security Checks
medium
84839Debian DSA-3311-1 : mariadb-10.0 - security update (BACKRONYM)NessusDebian Local Security Checks
medium
84658openSUSE Security Update : MariaDB (openSUSE-2015-479) (BACKRONYM) (Logjam)NessusSuSE Local Security Checks
high
83860SUSE SLED11 / SLES11 Security Update : MySQL (SUSE-SU-2015:0946-1) (FREAK)NessusSuSE Local Security Checks
medium
83372Slackware 14.0 : mysql (SSA:2015-132-02)NessusSlackware Local Security Checks
medium
83371Slackware 14.1 / current : mariadb (SSA:2015-132-01)NessusSlackware Local Security Checks
medium
8761Oracle MySQL 5.5.x < 5.5.43 / 5.6.x < 5.6.24 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
8761Oracle MySQL 5.5.x < 5.5.43 / 5.6.x < 5.6.24 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
83254Mandriva Linux Security Advisory : mariadb (MDVSA-2015:227)NessusMandriva Local Security Checks
medium
82993Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mysql-5.5 vulnerabilities (USN-2575-1)NessusUbuntu Local Security Checks
medium
82865Debian DSA-3229-1 : mysql-5.5 - security updateNessusDebian Local Security Checks
medium
82800MySQL 5.5.x < 5.5.43 / 5.6.x < 5.6.24 Multiple DoS Vulnerabilities (April 2015 CPU)NessusDatabases
medium