CVE-2015-4737LOW
Description
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.
References
http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html
http://rhn.redhat.com/errata/RHSA-2015-1628.html
http://rhn.redhat.com/errata/RHSA-2015-1629.html
http://rhn.redhat.com/errata/RHSA-2015-1630.html
http://rhn.redhat.com/errata/RHSA-2015-1646.html
http://rhn.redhat.com/errata/RHSA-2015-1647.html
http://rhn.redhat.com/errata/RHSA-2015-1665.html
http://www.debian.org/security/2015/dsa-3308
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/bid/75802
http://www.securitytracker.com/id/1032911
Details
Source: MITRE
Published: 2015-07-16
Updated: 2019-02-12
Type: NVD-CWE-noinfo
Risk Information
CVSS v2.0
Base Score: 3.5
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 6.8
Severity: LOW
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.5.0 to 5.5.43 (inclusive)
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.6.0 to 5.6.24 (inclusive)
Configuration 3
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 93993 | GLSA-201610-06 : MySQL and MariaDB: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 9257 | Oracle MySQL 5.5.x < 5.5.44 / 5.6.x < 5.6.24 Multiple Vulnerabilities | Nessus Network Monitor | Database | low |
| 86537 | SUSE SLED11 / SLES11 Security Update : mysql (SUSE-SU-2015:1788-1) (BACKRONYM) | Nessus | SuSE Local Security Checks | medium |
| 86182 | openSUSE Security Update : mysql-community-server (openSUSE-2015-608) | Nessus | SuSE Local Security Checks | medium |
| 85635 | CentOS 7 : mariadb (CESA-2015:1665) (BACKRONYM) | Nessus | CentOS Local Security Checks | medium |
| 85622 | Scientific Linux Security Update : mariadb on SL7.x x86_64 (20150824) (BACKRONYM) | Nessus | Scientific Linux Local Security Checks | medium |
| 85616 | RHEL 7 : mariadb (RHSA-2015:1665) (BACKRONYM) | Nessus | Red Hat Local Security Checks | medium |
| 85612 | Oracle Linux 7 : mariadb (ELSA-2015-1665) (BACKRONYM) | Nessus | Oracle Linux Local Security Checks | medium |
| 85538 | Oracle MySQL 5.6.x < 5.6.24 Multiple Vulnerabilities (July 2015 CPU) (October 2015 CPU) | Nessus | Databases | medium |
| 85536 | Oracle MySQL 5.5.x < 5.5.44 Multiple Vulnerabilities (July 2015 CPU) (October 2015 CPU) | Nessus | Databases | medium |
| 85499 | Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64 (20150817) | Nessus | Scientific Linux Local Security Checks | high |
| 85488 | Oracle Linux 5 : mysql55-mysql (ELSA-2015-1628) | Nessus | Oracle Linux Local Security Checks | high |
| 85460 | CentOS 5 : mysql55-mysql (CESA-2015:1628) | Nessus | CentOS Local Security Checks | high |
| 85443 | RHEL 5 : mysql55-mysql (RHSA-2015:1628) | Nessus | Red Hat Local Security Checks | high |
| 84915 | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : mysql-5.5, mysql-5.6 vulnerabilities (USN-2674-1) | Nessus | Ubuntu Local Security Checks | medium |
| 84836 | Debian DSA-3308-1 : mysql-5.5 - security update | Nessus | Debian Local Security Checks | medium |
| 84767 | MySQL 5.5.x < 5.5.44 / 5.6.x < 5.6.25 Multiple Vulnerabilities (July 2015 CPU) | Nessus | Databases | medium |