Lucene search

K

Kaspersky LabKLA10553

HistoryApr 16, 2015 - 12:00 a.m.

KLA10553 Denial of service vulnerabilities in Oracle MySQL

2015-04-1600:00:00

Kaspersky Lab

threats.kaspersky.com

27

5.7 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:M/C:N/I:N/A:C

0.891 High

EPSS

Percentile

98.7%

Detect date:

04/16/2015

Severity:

High

Description:

An unspecified vulnerabilities were found in Oracle MySQL. By exploiting these vulnerabilities malicious users can affect availability. These vulnerabilities can be exploited remotely via an unknown vectors related to InnoDB, Federated, DDL, Partition, SP, XA, Encryption and other unknown vectors.

Affected products:

Oracle MySQL Server 5.6 versions earlier than 5.6.24
Oracle MySQL Server versions earlier than 5.5.43

Solution:

Update to the latest version
Get MySQL

Original advisories:

Oracle bulletin

Impacts:

DoS

Related products:

CVE-IDS:

CVE-2014-35695.0Critical
CVE-2015-05084.0Warning
CVE-2015-04981.7Warning
CVE-2015-04993.5Warning
CVE-2015-04334.0Warning
CVE-2015-04384.0Warning
CVE-2015-04394.0Warning
CVE-2015-05063.5Warning
CVE-2015-05073.5Warning
CVE-2015-05053.5Warning
CVE-2015-05034.0Warning
CVE-2015-05004.0Warning
CVE-2015-05015.7High
CVE-2015-04054.0Warning
CVE-2015-04234.0Warning
CVE-2015-04414.0Warning
CVE-2015-25734.0Warning
CVE-2015-25714.0Warning
CVE-2015-25685.0Critical
CVE-2015-25673.5Warning
CVE-2015-25662.8Warning
CVE-2015-05112.8Warning

References

www.mysql.com/downloads/

www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0405

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0423

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0438

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0439

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0498

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0500

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0503

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0506

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0507

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0508

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0511

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2566

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2567

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Oracle-MySQL/

5.7 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:M/C:N/I:N/A:C

0.891 High

EPSS

Percentile

98.7%