VID |
25239 |
Severity |
40 |
Port |
3306 |
Protocol |
TCP |
Class |
DB |
Detailed Description |
The version of MySQL running on the remote host is 5.6.x prior to 5.6.37. It is, therefore, affected by multiple vulnerabilities:
- An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633)
- Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3641)
- An unspecified flaw exists in the Connector/C and C API components that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635)
- An unspecified flaw exists in the Client programs component that allows a local attacker to impact confidentiality, integrity, and availability. (CVE-2017-3636)
- Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649)
- An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648)
- An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651)
- Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653)
* References: https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3809960.xml |
Recommendation |
Upgrade to the latest version of MySQL (5.6.37 or later), available from the MySQL Web site at http://www.mysql.com/ |
Related URL |
CVE-2017-3633,CVE-2017-3634,CVE-2017-3635,CVE-2017-3636,CVE-2017-3641,CVE-2017-3647,CVE-2017-3648,CVE-2017-3649,CVE-2017-3651,CVE-2017-3652 (CVE) |
Related URL |
99722,99729,99730,99736,99767,99789,99796,99799,99802,99805,99810 (SecurityFocus) |