The version of mysql57 installed on the remote host is prior to 5.7.41-1.18. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1686 advisory.

    2023-06-07: CVE-2023-21963 was added to this advisory.

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling).
    Supported versions that are affected are 5.7.40 and prior and  8.0.31 and prior. Easily exploitable     vulnerability allows high privileged attacker with network access via multiple protocols to compromise     MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a     partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts).
    CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). (CVE-2023-21963)

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are     affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2021-2180)

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that     are affected are 5.7.40 and prior. Easily exploitable vulnerability allows high privileged attacker with     network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL     Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2023-21840)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux AMI : mysql57 (ALAS-2023-1686)

medium Nessus Plugin ID 171866

Version 1.2