4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
55.7%
Package : mysql-connector-java
Version : 5.1.39-1~deb7u1
CVE ID : CVE-2015-2575
A vulnerability in the MySQL Connectors component of Oracle MySQL
(subcomponent: Connector/J) has been discovered that may result in
unauthorized update, insert or delete access to some MySQL Connectors
accessible data as well as read access to a subset of MySQL Connectors.
The issue is addressed by updating to the latest stable release of
mysql-connector-java since Oracle did not release further information.
Please see Oracle's Critical Patch Update advisory for further details.
http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html#MSQL
For Debian 7 "Wheezy", these problems have been fixed in version
5.1.39-1~deb7u1.
We recommend that you upgrade your mysql-connector-java packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | all | mysql-connector-java | <Â 5.1.39-1~deb7u1 | mysql-connector-java_5.1.39-1~deb7u1_all.deb |