According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.2.x prior to 3.2.2.1075.
It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists in the     bundled version of Apache Tomcat in the Manager and Host     Manager web applications due to a flaw in the index page     when issuing redirects in response to unauthenticated     requests for the root directory of the application. An     authenticated, remote attacker can exploit this to gain     access to the XSRF token information stored in the index     page. (CVE-2015-5351)

  - A remote code execution vulnerability exists in the     JMXInvokerServlet interface due to improper validation     of Java objects before deserialization. An     authenticated, remote attacker can exploit this to     execute arbitrary code. (CVE-2015-7501)

  - A remote code execution vulnerability exists in the     Framework subcomponent that allows an authenticated,     remote attacker to execute arbitrary code.
    (CVE-2016-0635)

  - An information disclosure vulnerability exists in the     bundled version of Apache Tomcat that allows a specially     crafted web application to load the     StatusManagerServlet. An authenticated, remote attacker     can exploit this to gain unauthorized access to a list     of all deployed applications and a list of the HTTP     request lines for all requests currently being     processed. (CVE-2016-0706)

  - A remote code execution vulnerability exists in the     bundled version of Apache Tomcat due to a flaw in the     StandardManager, PersistentManager, and cluster     implementations that is triggered when handling     persistent sessions. An authenticated, remote attacker     can exploit this, via a crafted object in a session, to     bypass the security manager and execute arbitrary code.
    (CVE-2016-0714)

  - A security bypass vulnerability exists in the bundled     version of Apache Tomcat due to a failure to consider     whether ResourceLinkFactory.setGlobalContext callers are     authorized. An authenticated, remote attacker can     exploit this, via a web application that sets a crafted     global context, to bypass intended SecurityManager     restrictions and read or write to arbitrary application     data or cause a denial of service condition.
    (CVE-2016-0763)

Detections

Analytics

MySQL Enterprise Monitor 3.2.x < 3.2.2.1075 Multiple Vulnerabilities (January 2017 CPU)

critical Nessus Plugin ID 96769

Version 1.7