
CVE ID: CVE-2017-3305
Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, "The Riddle".
Test IDs: 1.3.6.1.4.1.25623.1.0.810885   1.3.6.1.4.1.25623.1.0.810884  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2017-3305
BugTraq ID: 97023
http://www.securityfocus.com/bid/97023
Debian Security Information: DSA-3834
http://www.debian.org/security/2017/dsa-3834
http://riddle.link/
http://www.openwall.com/lists/oss-security/2017/03/17/3
RedHat Security Advisories: RHSA-2017:2787
https://access.redhat.com/errata/RHSA-2017:2787
http://www.securitytracker.com/id/1038287




© 1998-2024 E-Soft Inc. All rights reserved.