CVE-2016-5626

MEDIUM

Description

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

References

http://rhn.redhat.com/errata/RHSA-2016-2130.html

http://rhn.redhat.com/errata/RHSA-2016-2131.html

http://rhn.redhat.com/errata/RHSA-2016-2595.html

http://rhn.redhat.com/errata/RHSA-2016-2749.html

http://rhn.redhat.com/errata/RHSA-2016-2927.html

http://rhn.redhat.com/errata/RHSA-2016-2928.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.securityfocus.com/bid/93638

http://www.securitytracker.com/id/1037050

https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/

https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/

https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/

https://security.gentoo.org/glsa/201701-01

Details

Source: MITRE

Published: 2016-10-25

Updated: 2019-03-04

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.5.0 to 5.5.51 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.6.0 to 5.6.32 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.7.0 to 5.7.14 (inclusive)

Configuration 2

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

Tenable Plugins

View all (29 total)

ID	Name	Product	Family	Severity
125007	EulerOS Virtualization 3.0.1.0 : mariadb (EulerOS-SA-2019-1554)	Nessus	Huawei Local Security Checks	high
99824	EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1062)	Nessus	Huawei Local Security Checks	critical
96510	FreeBSD : MySQL -- multiple vulnerabilities (22373c43-d728-11e6-a9a5-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	medium
96232	GLSA-201701-01 : MariaDB and MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
95847	Scientific Linux Security Update : mariadb on SL7.x x86_64 (20161103)	Nessus	Scientific Linux Local Security Checks	critical
95633	MariaDB 5.5.x < 5.5.52 Multiple Vulnerabilities	Nessus	Databases	medium
95632	MariaDB 10.1.x < 10.1.18 Multiple Vulnerabilities	Nessus	Databases	medium
95597	openSUSE Security Update : mariadb (openSUSE-2016-1417)	Nessus	SuSE Local Security Checks	medium
95596	openSUSE Security Update : mariadb (openSUSE-2016-1416)	Nessus	SuSE Local Security Checks	medium
95540	MariaDB 10.0.x < 10.0.28 Multiple Vulnerabilities	Nessus	Databases	medium
95384	SUSE SLED12 / SLES12 Security Update : Recommended update for mariadb (SUSE-SU-2016:2933-1)	Nessus	SuSE Local Security Checks	medium
95383	SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2932-1)	Nessus	SuSE Local Security Checks	medium
95341	CentOS 7 : mariadb (CESA-2016:2595)	Nessus	CentOS Local Security Checks	critical
94756	openSUSE Security Update : mysql-community-server (openSUSE-2016-1289)	Nessus	SuSE Local Security Checks	critical
94743	Debian DSA-3711-1 : mariadb-10.0 - security update	Nessus	Debian Local Security Checks	medium
94715	Oracle Linux 7 : mariadb (ELSA-2016-2595)	Nessus	Oracle Linux Local Security Checks	critical
94694	openSUSE Security Update : mysql-community-server (openSUSE-2016-1283)	Nessus	SuSE Local Security Checks	critical
94558	RHEL 7 : mariadb (RHSA-2016:2595)	Nessus	Red Hat Local Security Checks	critical
9752	MariaDB Server 10.0.x < 10.0.28 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
94440	Slackware 14.1 / 14.2 / current : mariadb (SSA:2016-305-03)	Nessus	Slackware Local Security Checks	medium
94197	MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)	Nessus	Databases	critical
94196	MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU)	Nessus	Databases	critical
94166	MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)	Nessus	Databases	critical
94165	MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU)	Nessus	Databases	critical
9618	Oracle MySQL 5.7.x < 5.7.15 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
9614	Oracle MySQL 5.6.x < 5.6.33 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
9610	Oracle MySQL 5.5.x < 5.5.52 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
93380	MySQL 5.7.x < 5.7.15 Multiple Vulnerabilities	Nessus	Databases	critical
93379	MySQL 5.7.x < 5.7.15 Multiple Vulnerabilities	Nessus	Databases	critical