VID |
25238 |
Severity |
30 |
Port |
3306 |
Protocol |
TCP |
Class |
DB |
Detailed Description |
The version of MySQL running on the remote host is 5.5.x prior to 5.5.57. It is, therefore, affected by multiple vulnerabilities:
- An unspecified flaw exists in the Connector/C and C API components that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635)
- An unspecified flaw exists in the Client programs component that allows a local attacker to impact confidentiality, integrity, and availability. (CVE-2017-3636)
- An unspecified flaw exists in the DML component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3641)
- An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648)
- An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651)
- Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653)
* References:
  - https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html
  - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
  - http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3809960.xml |
Recommendation |
Upgrade to the latest version of MySQL (5.5.57 or later), available from the MySQL Web site at http://www.mysql.com/ |
Related URL |
CVE-2017-3635,CVE-2017-3636,CVE-2017-3641,CVE-2017-3648,CVE-2017-3651,CVE-2017-3652,CVE-2017-3653 (CVE) |
Related URL |
99730,99736,99767,99789,99802,99805,99810 (SecurityFocus) |
Related URL |
(ISS) |
|