MySQL Enterprise Monitor 2.3.x < 2.3.21 / 3.0.x < 3.0.23 Multiple Vulnerabilities
Severity: High | Nessus Plugin ID 86548
Synopsis: A web application running on the remote host is affected by multiple vulnerabilities.
Description: According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 2.3.x prior to 2.3.21 or 3.0.x prior to 3.0.23. It is, therefore, potentially affected by multiple vulnerabilities:
- An invalid read error exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service.
- A denial of service vulnerability exists in the libcurl library due to a failure by the fix_hostname() function to properly calculate an index. An unauthenticated, remote attacker can exploit this, via a zero-length host name, to cause a denial of service or possibly have other unspecified impact. (CVE-2015-3144)
Solution: Upgrade to MySQL Enterprise Monitor version 2.3.21 / 3.0.23 or later.
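The affected-range logic described above (2.3.x before 2.3.21, 3.0.x before 3.0.23) reduces to a per-branch version comparison. The following is an added example of that check, not Tenable's plugin code; it assumes the version is obtained as a plain dotted string and treats branches the plugin does not mention as out of scope rather than affected.

```python
import re

# Affected branches and the first fixed version in each, as stated in the plugin.
# Keyed by (major, minor) branch.
FIXED_VERSIONS = {
    (2, 3): (2, 3, 21),
    (3, 0): (3, 0, 23),
}


def parse_version(text):
    """Parse a dotted version string such as '3.0.22' into a tuple of ints.

    Numeric comparison matters: a string comparison would rank '2.3.9'
    above '2.3.21'. Extra components (e.g. a build number '3.0.22.1234')
    are kept as additional numeric parts.
    """
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(version_text):
    """Return True if the self-reported version falls in an affected range.

    Only the 2.3.x and 3.0.x branches are covered by this plugin; any other
    branch returns False instead of guessing.
    """
    v = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return False
    # Tuple comparison: (3, 0, 23, 1) is not less than (3, 0, 23), so a
    # patched build with a trailing build number is correctly not flagged.
    return v < fixed


def triage(versions):
    """Map each self-reported version to an 'affected' / 'not affected' label."""
    return {v: ("affected" if is_affected(v) else "not affected") for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory for illustration, not data from the plugin.
    sample = ["2.3.9", "2.3.20", "2.3.21", "3.0.22", "3.0.23", "3.1.0", "2.2.5"]
    for ver, status in triage(sample).items():
        print(f"{ver:>8}: {status}")
```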