CVE-2015-2648

MEDIUM

Description

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

References

http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html

http://rhn.redhat.com/errata/RHSA-2015-1628.html

http://rhn.redhat.com/errata/RHSA-2015-1629.html

http://rhn.redhat.com/errata/RHSA-2015-1630.html

http://rhn.redhat.com/errata/RHSA-2015-1646.html

http://rhn.redhat.com/errata/RHSA-2015-1647.html

http://rhn.redhat.com/errata/RHSA-2015-1665.html

http://www.debian.org/security/2015/dsa-3308

http://www.debian.org/security/2015/dsa-3311

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/75822

http://www.securitytracker.com/id/1032911

http://www.ubuntu.com/usn/USN-2674-1

https://security.gentoo.org/glsa/201610-06

Details

Source: MITRE

Published: 2015-07-16

Updated: 2019-02-05

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.5.0 to 5.5.43 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.6.0 to 5.6.24 (inclusive)

Configuration 2

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

ID	Name	Product	Family	Severity
93993	GLSA-201610-06 : MySQL and MariaDB: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
9303	MariaDB Server 10.0.x < 10.0.22 / 10.1.x < 10.1.9 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
9302	MariaDB Server 5.4.x < 5.4.46 / 10.0.x < 10.0.22 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
9282	MariaDB Server 10.0.x < 10.0.20 Multiple Vulnerabilities (BACKRONYM)	Nessus Network Monitor	Database	medium
9256	Oracle MySQL 5.5.x < 5.5.44 / 5.6.x < 5.6.25 Multiple DoS	Nessus Network Monitor	Database	medium
9255	Oracle MySQL 5.6.x < 5.6.25 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
86537	SUSE SLED11 / SLES11 Security Update : mysql (SUSE-SU-2015:1788-1) (BACKRONYM)	Nessus	SuSE Local Security Checks	medium
86182	openSUSE Security Update : mysql-community-server (openSUSE-2015-608)	Nessus	SuSE Local Security Checks	medium
85635	CentOS 7 : mariadb (CESA-2015:1665) (BACKRONYM)	Nessus	CentOS Local Security Checks	medium
85622	Scientific Linux Security Update : mariadb on SL7.x x86_64 (20150824) (BACKRONYM)	Nessus	Scientific Linux Local Security Checks	medium
85616	RHEL 7 : mariadb (RHSA-2015:1665) (BACKRONYM)	Nessus	Red Hat Local Security Checks	medium
85612	Oracle Linux 7 : mariadb (ELSA-2015-1665) (BACKRONYM)	Nessus	Oracle Linux Local Security Checks	medium
85539	Oracle MySQL 5.6.x < 5.6.25 Multiple Vulnerabilities (July 2015 CPU) (October 2015 CPU)	Nessus	Databases	medium
85536	Oracle MySQL 5.5.x < 5.5.44 Multiple Vulnerabilities (July 2015 CPU) (October 2015 CPU)	Nessus	Databases	medium
85499	Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64 (20150817)	Nessus	Scientific Linux Local Security Checks	high
85488	Oracle Linux 5 : mysql55-mysql (ELSA-2015-1628)	Nessus	Oracle Linux Local Security Checks	high
85460	CentOS 5 : mysql55-mysql (CESA-2015:1628)	Nessus	CentOS Local Security Checks	high
85443	RHEL 5 : mysql55-mysql (RHSA-2015:1628)	Nessus	Red Hat Local Security Checks	high
84915	Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : mysql-5.5, mysql-5.6 vulnerabilities (USN-2674-1)	Nessus	Ubuntu Local Security Checks	medium
84839	Debian DSA-3311-1 : mariadb-10.0 - security update (BACKRONYM)	Nessus	Debian Local Security Checks	medium
84836	Debian DSA-3308-1 : mysql-5.5 - security update	Nessus	Debian Local Security Checks	medium
84796	MariaDB 10.0.x < 10.0.20 Multiple Vulnerabilities (BACKRONYM)	Nessus	Databases	medium
84767	MySQL 5.5.x < 5.5.44 / 5.6.x < 5.6.25 Multiple Vulnerabilities (July 2015 CPU)	Nessus	Databases	medium