The version of MariaDB installed on the remote host is prior to 10.0.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10015-release-notes advisory.

  - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote     attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL,     a different vulnerability than CVE-2014-6491. (CVE-2014-6500)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote     attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL,     a different vulnerability than CVE-2014-6500. (CVE-2014-6491)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote     authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.
    (CVE-2014-6464)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote     authenticated users to affect availability via vectors related to SERVER:OPTIMIZER. (CVE-2014-6469)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote     attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than     CVE-2014-6496. (CVE-2014-6494)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

MariaDB 10.0.0 < 10.0.15 Multiple Vulnerabilities

critical Nessus Plugin ID 129355

Version 1.5