MySQL 5.0.18 Information Leak

low Nessus Plugin ID 17830

Synopsis

The remote database server is affected by an information leak weakness.

Description

The version of MySQL installed on the remote host allows local users to read sensitive information via the following query :

SELECT * FROM information_schema.views;

This issue is disputed. Some consider it as a normal behavior for an SQL database.

See Also

https://www.securityfocus.com/archive/1/archive/1/423432/100/0/threaded

https://www.securityfocus.com/archive/1/archive/1/423228/100/0/threaded

https://www.securityfocus.com/archive/1/archive/1/423204/100/0/threaded

https://www.securityfocus.com/archive/1/archive/1/423180/30/7310/threaded

https://www.securityfocus.com/archive/1/archive/1/422491/100/0/threaded

https://www.securityfocus.com/archive/1/422698/100/0/threaded

https://www.securityfocus.com/archive/1/422592/100/0/threaded

Plugin Details

Severity: Low

ID: 17830

File Name: mysql_5_0_18_info_leak.nasl

Version: 1.6

Type: remote

Family: Databases

Published: 1/18/2012

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:mysql:mysql

Required KB Items: Settings/ParanoidReport, Settings/PCI_DSS

Vulnerability Publication Date: 1/20/2006

Reference Information

CVE: CVE-2006-0369

CWE: 200