Test ID:	1.3.6.1.4.1.25623.1.0.117194
Category:	Databases
Title:	Oracle MySQL Server <= 5.5.45 / 5.6 <= 5.6.26 Security Update (cpujan2016) - Windows
Summary:	Oracle MySQL Server is prone to a vulnerability in a third party library.
Description:	Summary: Oracle MySQL Server is prone to a vulnerability in a third party library. Vulnerability Insight: wolfSSL (formerly CyaSSL) as used in MySQL does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server. Vulnerability Impact: The flaw makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. Affected Software/OS: Oracle MySQL Server versions 5.5.45 and prior and 5.6 through 5.6.26. Solution: Updates are available. Please see the references for more information. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-7744 https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ http://www.securitytracker.com/id/1034708 SuSE Security Announcement: openSUSE-SU-2016:0367 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html SuSE Security Announcement: openSUSE-SU-2016:0377 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.