CVE-2016-3452

MEDIUM

Description

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.

References

http://rhn.redhat.com/errata/RHSA-2016-0705.html

http://rhn.redhat.com/errata/RHSA-2016-1480.html

http://rhn.redhat.com/errata/RHSA-2016-1481.html

http://rhn.redhat.com/errata/RHSA-2016-1602.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.securityfocus.com/bid/91787

http://www.securityfocus.com/bid/91999

http://www.securitytracker.com/id/1036362

http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168

https://access.redhat.com/errata/RHSA-2016:1132

https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/

https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/

https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/

Details

Source: MITRE

Published: 2016-07-21

Updated: 2019-12-27

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 2.2

Severity: LOW

Vulnerable Software

Configuration 1

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.5.0 to 5.5.48 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.6.0 to 5.6.29 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.7.0 to 5.7.10 (inclusive)

Tenable Plugins

View all (21 total)

ID	Name	Product	Family	Severity
125006	EulerOS Virtualization 3.0.1.0 : mariadb (EulerOS-SA-2019-1553)	Nessus	Huawei Local Security Checks	critical
99798	EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1035)	Nessus	Huawei Local Security Checks	medium
9608	Oracle MySQL 5.5.x < 5.5.50 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
93616	MariaDB 5.5.x < 5.5.49 Multiple Vulnerabilities	Nessus	Databases	medium
9482	Oracle MySQL 5.5.x < 5.5.49 / 5.6.x < 5.6.30 / 5.7.x < 5.7.12 Multiple Vulnerabilities	Nessus Network Monitor	Database	critical
93016	Amazon Linux AMI : mysql55 (ALAS-2016-738)	Nessus	Amazon Linux Local Security Checks	high
92996	Scientific Linux Security Update : mariadb on SL7.x x86_64 (20160811)	Nessus	Scientific Linux Local Security Checks	medium
92950	CentOS 7 : mariadb (CESA-2016:1602)	Nessus	CentOS Local Security Checks	medium
92938	RHEL 7 : mariadb (RHSA-2016:1602)	Nessus	Red Hat Local Security Checks	medium
92934	Oracle Linux 7 : mariadb (ELSA-2016-1602)	Nessus	Oracle Linux Local Security Checks	medium
92505	FreeBSD : MySQL -- Multiple vulnerabilities (ca5cb202-4f51-11e6-b2ec-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	high
91997	MySQL 5.7.x < 5.7.13 Multiple Vulnerabilities	Nessus	Databases	medium
91995	MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities	Nessus	Databases	high
91993	MySQL 5.5.x < 5.5.50 Multiple Vulnerabilities (July 2016 CPU)	Nessus	Databases	high
91998	Oracle MySQL 5.7.x < 5.7.13 Multiple Vulnerabilities	Nessus	Databases	medium
91996	Oracle MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities	Nessus	Databases	high
91766	MariaDB 10.1.x < 10.1.14 Multiple Vulnerabilities	Nessus	Databases	medium
91765	MariaDB 10.0.x < 10.0.25 Multiple Vulnerabilities	Nessus	Databases	medium
90833	Oracle MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU)	Nessus	Databases	medium
90832	Oracle MySQL 5.6.x < 5.6.30 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU) (DROWN)	Nessus	Databases	critical
90830	Oracle MySQL 5.5.x < 5.5.49 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU)	Nessus	Databases	medium