ID OPENSUSE-2016-1082.NASL Type nessus Reporter Tenable Modified 2018-11-19T00:00:00
Description
mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a security issues.
CVE-2015-2575: Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. (bnc#927981)
Please see http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html
This update was imported from the SUSE:SLE-12:Update update project.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-1082.
#
# The text description of this plugin is (C) SUSE LLC.
#
include("compat.inc");
if (description)
{
script_id(93500);
script_version("2.2");
script_cvs_date("Date: 2018/11/19 11:02:42");
script_cve_id("CVE-2015-2575");
script_name(english:"openSUSE Security Update : mysql-connector-java (openSUSE-2016-1082)");
script_summary(english:"Check for the openSUSE-2016-1082 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a
security issues.
- CVE-2015-2575: Unspecified vulnerability in the MySQL
Connectors component in Oracle MySQL 5.1.34 and earlier
allows remote authenticated users to affect
confidentiality and integrity via unknown vectors
related to Connector/J. (bnc#927981)
Please see
http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html
This update was imported from the SUSE:SLE-12:Update update project."
);
# http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html
script_set_attribute(
attribute:"see_also",
value:"https://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=927981"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected mysql-connector-java package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-connector-java");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
script_set_attribute(attribute:"patch_publication_date", value:"2016/09/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/15");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if ( rpm_check(release:"SUSE42.1", reference:"mysql-connector-java-5.1.35-6.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql-connector-java");
}
{"id": "OPENSUSE-2016-1082.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : mysql-connector-java (openSUSE-2016-1082)", "description": "mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a security issues.\n\n - CVE-2015-2575: Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. (bnc#927981)\n\nPlease see http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "published": "2016-09-15T00:00:00", "modified": "2018-11-19T00:00:00", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=93500", "reporter": "Tenable", "references": ["https://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html", "https://bugzilla.opensuse.org/show_bug.cgi?id=927981"], "cvelist": ["CVE-2015-2575"], "type": "nessus", "lastseen": "2019-02-21T01:27:56", "history": [{"lastseen": "2018-11-20T03:40:23", "edition": 5, "differentElements": ["description"], "bulletin": {"lastseen": "2018-11-20T03:40:23", "references": ["https://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html", "https://bugzilla.opensuse.org/show_bug.cgi?id=927981"], "pluginID": "93500", "description": "mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a security issues.\n\n - CVE-2015-2575: Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. (bnc#927981)\n\nPlease see http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 5, "reporter": "Tenable", "history": [], "published": "2016-09-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "title": "openSUSE Security Update : mysql-connector-java (openSUSE-2016-1082)", "type": "nessus", "objectVersion": "1.3", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2575"], "cpe": ["p-cpe:/a:novell:opensuse:mysql-connector-java", "cpe:/o:novell:opensuse:42.1"], "modified": "2018-11-19T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93500", "id": "OPENSUSE-2016-1082.NASL", "viewCount": 1, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1082.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93500);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/11/19 11:02:42\");\n\n script_cve_id(\"CVE-2015-2575\");\n\n script_name(english:\"openSUSE Security Update : mysql-connector-java (openSUSE-2016-1082)\");\n script_summary(english:\"Check for the openSUSE-2016-1082 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a\nsecurity issues.\n\n - CVE-2015-2575: Unspecified vulnerability in the MySQL\n Connectors component in Oracle MySQL 5.1.34 and earlier\n allows remote authenticated users to affect\n confidentiality and integrity via unknown vectors\n related to Connector/J. (bnc#927981)\n\nPlease see\nhttp://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n # http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927981\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-connector-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-connector-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-connector-java-5.1.35-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-connector-java\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "hashmap": [{"hash": "e6faa45aec19b48b9885f1a1a13b8ea3", "key": "description"}, {"hash": "b3eefb59dc5fdd179b4424356b7a3fd3", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4e8f3d99346102161bd9a798bbc1f559", "key": "published"}, {"hash": "4556e5da49ed1d869f1c6fe416e9fee4", "key": "href"}, {"hash": "fb08942a8a3430128bd17b3c6553c14a", "key": "references"}, {"hash": "1f94fbd0759e021929d8db97ed753a89", "key": "title"}, {"hash": "5e9c28fb71a885719f4f0312b51c7b38", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "ceca23b950afb2f996a2fe919a2ed840", "key": "sourceData"}, {"hash": "6f720f6f65d6c422fdfb446e17a4b46b", "key": "cpe"}, {"hash": "5b096e40ae8b1b13416b0f995e175853", "key": "pluginID"}, {"hash": "777261d573cd9416a01d8ae4edd279a4", "key": "cvelist"}], "hash": "3b70d27092760c7a57838302b5f3fbe1a42f671162295b6d8c1e46704e460441"}}, {"lastseen": "2017-10-29T13:38:53", "edition": 2, "differentElements": ["cvss"], "bulletin": {"lastseen": "2017-10-29T13:38:53", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=927981", "http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html"], "pluginID": "93500", "description": "mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a security issues.\n\n - CVE-2015-2575: Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. (bnc#927981)\n\nPlease see http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 2, "reporter": "Tenable", "history": [], "published": "2016-09-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "title": "openSUSE Security Update : mysql-connector-java (openSUSE-2016-1082)", "type": "nessus", "objectVersion": "1.3", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2575"], "cpe": ["p-cpe:/a:novell:opensuse:mysql-connector-java", "cpe:/o:novell:opensuse:42.1"], "modified": "2016-09-15T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93500", "id": "OPENSUSE-2016-1082.NASL", "viewCount": 0, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1082.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93500);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2016/09/15 13:52:58 $\");\n\n script_cve_id(\"CVE-2015-2575\");\n\n script_name(english:\"openSUSE Security Update : mysql-connector-java (openSUSE-2016-1082)\");\n script_summary(english:\"Check for the openSUSE-2016-1082 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a\nsecurity issues.\n\n - CVE-2015-2575: Unspecified vulnerability in the MySQL\n Connectors component in Oracle MySQL 5.1.34 and earlier\n allows remote authenticated users to affect\n confidentiality and integrity via unknown vectors\n related to Connector/J. (bnc#927981)\n\nPlease see\nhttp://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927981\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-connector-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-connector-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-connector-java-5.1.35-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-connector-java\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "hashmap": [{"hash": "e6faa45aec19b48b9885f1a1a13b8ea3", "key": "description"}, {"hash": "b3eefb59dc5fdd179b4424356b7a3fd3", "key": "cvss"}, {"hash": "75d5fa1461fed79606a86ab3cb64ce57", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4e8f3d99346102161bd9a798bbc1f559", "key": "published"}, {"hash": "4556e5da49ed1d869f1c6fe416e9fee4", "key": "href"}, {"hash": "1f94fbd0759e021929d8db97ed753a89", "key": "title"}, {"hash": "44149cb41c3497dd8396fa2a4db3d373", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "6f720f6f65d6c422fdfb446e17a4b46b", "key": "cpe"}, {"hash": "4e8f3d99346102161bd9a798bbc1f559", "key": "modified"}, {"hash": "5b096e40ae8b1b13416b0f995e175853", "key": "pluginID"}, {"hash": "777261d573cd9416a01d8ae4edd279a4", "key": "cvelist"}], "hash": "585c4d5a6c13f532703302a69f7a6165200b2a4ee3fb0e338f042e273ff1b78c"}}, {"lastseen": "2016-09-26T17:24:49", "edition": 1, "differentElements": ["cpe"], "bulletin": {"lastseen": "2016-09-26T17:24:49", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=927981", "http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html"], "pluginID": "93500", "description": "mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a security issues.\n\n - CVE-2015-2575: Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. (bnc#927981)\n\nPlease see http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 1, "reporter": "Tenable", "history": [], "published": "2016-09-15T00:00:00", "enchantments": {}, "title": "openSUSE Security Update : mysql-connector-java (openSUSE-2016-1082)", "type": "nessus", "objectVersion": "1.2", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2575"], "cpe": [], "modified": "2016-09-15T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93500", "id": "OPENSUSE-2016-1082.NASL", "viewCount": 0, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1082.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93500);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2016/09/15 13:52:58 $\");\n\n script_cve_id(\"CVE-2015-2575\");\n\n script_name(english:\"openSUSE Security Update : mysql-connector-java (openSUSE-2016-1082)\");\n script_summary(english:\"Check for the openSUSE-2016-1082 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a\nsecurity issues.\n\n - CVE-2015-2575: Unspecified vulnerability in the MySQL\n Connectors component in Oracle MySQL 5.1.34 and earlier\n allows remote authenticated users to affect\n confidentiality and integrity via unknown vectors\n related to Connector/J. (bnc#927981)\n\nPlease see\nhttp://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927981\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-connector-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-connector-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-connector-java-5.1.35-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-connector-java\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "hashmap": [{"hash": "e6faa45aec19b48b9885f1a1a13b8ea3", "key": "description"}, {"hash": "b3eefb59dc5fdd179b4424356b7a3fd3", "key": "cvss"}, {"hash": "75d5fa1461fed79606a86ab3cb64ce57", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4e8f3d99346102161bd9a798bbc1f559", "key": "published"}, {"hash": "4556e5da49ed1d869f1c6fe416e9fee4", "key": "href"}, {"hash": "1f94fbd0759e021929d8db97ed753a89", "key": "title"}, {"hash": "44149cb41c3497dd8396fa2a4db3d373", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "4e8f3d99346102161bd9a798bbc1f559", "key": "modified"}, {"hash": "5b096e40ae8b1b13416b0f995e175853", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "777261d573cd9416a01d8ae4edd279a4", "key": "cvelist"}], "hash": "a579a7ce8be2ed901a04be7ed1879356074517a2b35a3e8cececb90d4a4f40aa"}}, {"lastseen": "2018-09-01T23:48:55", "edition": 4, "differentElements": ["references", "modified", "sourceData"], "bulletin": {"lastseen": "2018-09-01T23:48:55", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=927981", "http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html"], "pluginID": "93500", "description": "mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a security issues.\n\n - CVE-2015-2575: Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. (bnc#927981)\n\nPlease see http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 4, "reporter": "Tenable", "history": [], "published": "2016-09-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "title": "openSUSE Security Update : mysql-connector-java (openSUSE-2016-1082)", "type": "nessus", "objectVersion": "1.3", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2575"], "cpe": ["p-cpe:/a:novell:opensuse:mysql-connector-java", "cpe:/o:novell:opensuse:42.1"], "modified": "2016-09-15T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93500", "id": "OPENSUSE-2016-1082.NASL", "viewCount": 1, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1082.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93500);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2016/09/15 13:52:58 $\");\n\n script_cve_id(\"CVE-2015-2575\");\n\n script_name(english:\"openSUSE Security Update : mysql-connector-java (openSUSE-2016-1082)\");\n script_summary(english:\"Check for the openSUSE-2016-1082 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a\nsecurity issues.\n\n - CVE-2015-2575: Unspecified vulnerability in the MySQL\n Connectors component in Oracle MySQL 5.1.34 and earlier\n allows remote authenticated users to affect\n confidentiality and integrity via unknown vectors\n related to Connector/J. (bnc#927981)\n\nPlease see\nhttp://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927981\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-connector-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-connector-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-connector-java-5.1.35-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-connector-java\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "hashmap": [{"hash": "e6faa45aec19b48b9885f1a1a13b8ea3", "key": "description"}, {"hash": "b3eefb59dc5fdd179b4424356b7a3fd3", "key": "cvss"}, {"hash": "75d5fa1461fed79606a86ab3cb64ce57", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4e8f3d99346102161bd9a798bbc1f559", "key": "published"}, {"hash": "4556e5da49ed1d869f1c6fe416e9fee4", "key": "href"}, {"hash": "1f94fbd0759e021929d8db97ed753a89", "key": "title"}, {"hash": "44149cb41c3497dd8396fa2a4db3d373", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "6f720f6f65d6c422fdfb446e17a4b46b", "key": "cpe"}, {"hash": "4e8f3d99346102161bd9a798bbc1f559", "key": "modified"}, {"hash": "5b096e40ae8b1b13416b0f995e175853", "key": "pluginID"}, {"hash": "777261d573cd9416a01d8ae4edd279a4", "key": "cvelist"}], "hash": "585c4d5a6c13f532703302a69f7a6165200b2a4ee3fb0e338f042e273ff1b78c"}}, {"lastseen": "2018-08-30T19:42:50", "edition": 3, "differentElements": ["cvss"], "bulletin": {"lastseen": "2018-08-30T19:42:50", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=927981", "http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html"], "pluginID": "93500", "description": "mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a security issues.\n\n - CVE-2015-2575: Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. (bnc#927981)\n\nPlease see http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 3, "reporter": "Tenable", "history": [], "published": "2016-09-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "title": "openSUSE Security Update : mysql-connector-java (openSUSE-2016-1082)", "type": "nessus", "objectVersion": "1.3", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2575"], "cpe": ["p-cpe:/a:novell:opensuse:mysql-connector-java", "cpe:/o:novell:opensuse:42.1"], "modified": "2016-09-15T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93500", "id": "OPENSUSE-2016-1082.NASL", "viewCount": 0, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1082.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93500);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2016/09/15 13:52:58 $\");\n\n script_cve_id(\"CVE-2015-2575\");\n\n script_name(english:\"openSUSE Security Update : mysql-connector-java (openSUSE-2016-1082)\");\n script_summary(english:\"Check for the openSUSE-2016-1082 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a\nsecurity issues.\n\n - CVE-2015-2575: Unspecified vulnerability in the MySQL\n Connectors component in Oracle MySQL 5.1.34 and earlier\n allows remote authenticated users to affect\n confidentiality and integrity via unknown vectors\n related to Connector/J. (bnc#927981)\n\nPlease see\nhttp://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927981\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-connector-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-connector-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-connector-java-5.1.35-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-connector-java\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}, "hashmap": [{"hash": "e6faa45aec19b48b9885f1a1a13b8ea3", "key": "description"}, {"hash": "75d5fa1461fed79606a86ab3cb64ce57", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4e8f3d99346102161bd9a798bbc1f559", "key": "published"}, {"hash": "4556e5da49ed1d869f1c6fe416e9fee4", "key": "href"}, {"hash": "1f94fbd0759e021929d8db97ed753a89", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "44149cb41c3497dd8396fa2a4db3d373", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "6f720f6f65d6c422fdfb446e17a4b46b", "key": "cpe"}, {"hash": "4e8f3d99346102161bd9a798bbc1f559", "key": "modified"}, {"hash": "5b096e40ae8b1b13416b0f995e175853", "key": "pluginID"}, {"hash": "777261d573cd9416a01d8ae4edd279a4", "key": "cvelist"}], "hash": "b259b984f8821f1a6255277abc5bf5218e219843ac83dd0da18e9bfc6dc9b858"}}, {"lastseen": "2019-01-16T20:24:53", "edition": 6, "differentElements": ["description"], "bulletin": {"lastseen": "2019-01-16T20:24:53", "references": ["https://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html", "https://bugzilla.opensuse.org/show_bug.cgi?id=927981"], "pluginID": "93500", "description": "mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a\nsecurity issues.\n\n - CVE-2015-2575: Unspecified vulnerability in the MySQL\n Connectors component in Oracle MySQL 5.1.34 and earlier\n allows remote authenticated users to affect\n confidentiality and integrity via unknown vectors\n related to Connector/J. (bnc#927981)\n\nPlease see\nhttp://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 6, "reporter": "Tenable", "history": [], "published": "2016-09-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}, "dependencies": {"references": [{"idList": ["DEBIAN:DLA-526-1:099F6", "DEBIAN:DSA-3621-1:F2106"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:14393"], "type": "securityvulns"}, {"idList": ["OPENVAS:703621", "OPENVAS:1361412562310805170", "OPENVAS:1361412562310808114", "OPENVAS:1361412562310703621"], "type": "openvas"}, {"idList": ["DEBIAN_DLA-526.NASL", "DEBIAN_DSA-3621.NASL", "OPENSUSE-2015-389.NASL"], "type": "nessus"}, {"idList": ["CVE-2015-2575"], "type": "cve"}, {"idList": ["ORACLE:CPUAPR2015-2365600"], "type": "oracle"}, {"idList": ["F5:K17115", "SOL17115"], "type": "f5"}], "modified": "2019-01-16T20:24:53"}}, "title": "openSUSE Security Update : mysql-connector-java (openSUSE-2016-1082)", "type": "nessus", "objectVersion": "1.3", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2575"], "cpe": ["p-cpe:/a:novell:opensuse:mysql-connector-java", "cpe:/o:novell:opensuse:42.1"], "modified": "2018-11-19T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93500", "id": "OPENSUSE-2016-1082.NASL", "viewCount": 1, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1082.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93500);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/11/19 11:02:42\");\n\n script_cve_id(\"CVE-2015-2575\");\n\n script_name(english:\"openSUSE Security Update : mysql-connector-java (openSUSE-2016-1082)\");\n script_summary(english:\"Check for the openSUSE-2016-1082 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a\nsecurity issues.\n\n - CVE-2015-2575: Unspecified vulnerability in the MySQL\n Connectors component in Oracle MySQL 5.1.34 and earlier\n allows remote authenticated users to affect\n confidentiality and integrity via unknown vectors\n related to Connector/J. (bnc#927981)\n\nPlease see\nhttp://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n # http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927981\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-connector-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-connector-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-connector-java-5.1.35-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-connector-java\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "hashmap": [{"hash": "b3eefb59dc5fdd179b4424356b7a3fd3", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4e8f3d99346102161bd9a798bbc1f559", "key": "published"}, {"hash": "4556e5da49ed1d869f1c6fe416e9fee4", "key": "href"}, {"hash": "37f09e5924eb42cc4231d6c4e8dc08c9", "key": "description"}, {"hash": "fb08942a8a3430128bd17b3c6553c14a", "key": "references"}, {"hash": "1f94fbd0759e021929d8db97ed753a89", "key": "title"}, {"hash": "5e9c28fb71a885719f4f0312b51c7b38", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "ceca23b950afb2f996a2fe919a2ed840", "key": "sourceData"}, {"hash": "6f720f6f65d6c422fdfb446e17a4b46b", "key": "cpe"}, {"hash": "5b096e40ae8b1b13416b0f995e175853", "key": "pluginID"}, {"hash": "777261d573cd9416a01d8ae4edd279a4", "key": "cvelist"}], "hash": "bafc95404c1e0dee8782236a35688d0033f706f34d60e959cbfd479edc40b604"}}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "6f720f6f65d6c422fdfb446e17a4b46b"}, {"key": "cvelist", "hash": "777261d573cd9416a01d8ae4edd279a4"}, {"key": "cvss", "hash": "b3eefb59dc5fdd179b4424356b7a3fd3"}, {"key": "description", "hash": "e6faa45aec19b48b9885f1a1a13b8ea3"}, {"key": "href", "hash": "4556e5da49ed1d869f1c6fe416e9fee4"}, {"key": "modified", "hash": "5e9c28fb71a885719f4f0312b51c7b38"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "5b096e40ae8b1b13416b0f995e175853"}, {"key": "published", "hash": "4e8f3d99346102161bd9a798bbc1f559"}, {"key": "references", "hash": "fb08942a8a3430128bd17b3c6553c14a"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "ceca23b950afb2f996a2fe919a2ed840"}, {"key": "title", "hash": "1f94fbd0759e021929d8db97ed753a89"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "3b70d27092760c7a57838302b5f3fbe1a42f671162295b6d8c1e46704e460441", "viewCount": 1, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "dependencies": {"references": [{"idList": ["DEBIAN:DLA-526-1:099F6", "DEBIAN:DSA-3621-1:F2106"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:14393"], "type": "securityvulns"}, {"idList": ["OPENVAS:703621", "OPENVAS:1361412562310805170", "OPENVAS:1361412562310808114", "OPENVAS:1361412562310703621"], "type": "openvas"}, {"idList": ["DEBIAN_DLA-526.NASL", "DEBIAN_DSA-3621.NASL", "OPENSUSE-2015-389.NASL"], "type": "nessus"}, {"idList": ["CVE-2015-2575"], "type": "cve"}, {"idList": ["ORACLE:CPUAPR2015-2365600"], "type": "oracle"}, {"idList": ["F5:K17115", "SOL17115"], "type": "f5"}], "modified": "2019-01-16T20:24:53"}, "vulnersScore": 2.1}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1082.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93500);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/11/19 11:02:42\");\n\n script_cve_id(\"CVE-2015-2575\");\n\n script_name(english:\"openSUSE Security Update : mysql-connector-java (openSUSE-2016-1082)\");\n script_summary(english:\"Check for the openSUSE-2016-1082 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a\nsecurity issues.\n\n - CVE-2015-2575: Unspecified vulnerability in the MySQL\n Connectors component in Oracle MySQL 5.1.34 and earlier\n allows remote authenticated users to affect\n confidentiality and integrity via unknown vectors\n related to Connector/J. (bnc#927981)\n\nPlease see\nhttp://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n # http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927981\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-connector-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-connector-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-connector-java-5.1.35-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-connector-java\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "93500", "cpe": ["p-cpe:/a:novell:opensuse:mysql-connector-java", "cpe:/o:novell:opensuse:42.1"], "scheme": null}
{"cve": [{"lastseen": "2017-11-10T11:53:48", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.", "modified": "2017-11-09T21:29:01", "published": "2015-04-16T13:00:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2575", "id": "CVE-2015-2575", "title": "CVE-2015-2575", "type": "cve", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2018-10-26T14:40:35", "bulletinFamily": "scanner", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "modified": "2018-10-25T00:00:00", "published": "2016-06-03T00:00:00", "id": "OPENVAS:1361412562310808114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808114", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-02 Jun16 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln02_jun16_lin.nasl 12088 2018-10-25 10:57:43Z cfischer $\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-02 Jun16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mysql:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808114\");\n script_version(\"$Revision: 12088 $\");\n script_cve_id(\"CVE-2015-2575\");\n script_bugtraq_id(74075);\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-25 12:57:43 +0200 (Thu, 25 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-03 14:34:13 +0530 (Fri, 03 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-02 Jun16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL Server\n component via unknown vectors related to Connector/J.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allows remote\n authenticated users to affect confidentiality and integrity via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL 5.1.34 and earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n}\n\nif(mysqlVer =~ \"^(5\\.1)\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.1\", test_version2:\"5.1.34\"))\n {\n report = 'Installed version: ' + mysqlVer + '\\n';\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n\nexit(99);", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:47:51", "bulletinFamily": "scanner", "description": "A vulnerability was discovered in\nmysql-connector-java, a Java database (JDBC) driver for MySQL, which may result\nin unauthorized update, insert or delete access to some MySQL Connectors\naccessible data as well as read access to a subset of MySQL Connectors accessible\ndata. The vulnerability was addressed by upgrading mysql-connector-java to the new\nupstream version 5.1.39, which includes additional changes, such as bug\nfixes, new features, and possibly incompatible changes. Please see the\nMySQL Connector/J Release Notes and Oracle", "modified": "2017-12-15T00:00:00", "published": "2016-07-18T00:00:00", "id": "OPENVAS:1361412562310703621", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703621", "title": "Debian Security Advisory DSA 3621-1 (mysql-connector-java - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3621.nasl 8131 2017-12-15 07:30:28Z teissa $\n# Auto-generated from advisory DSA 3621-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703621\");\n script_version(\"$Revision: 8131 $\");\n script_cve_id(\"CVE-2015-2575\");\n script_name(\"Debian Security Advisory DSA 3621-1 (mysql-connector-java - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-12-15 08:30:28 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-07-18 00:00:00 +0200 (Mon, 18 Jul 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3621.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-connector-java on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 5.1.39-1~deb8u1.\n\nWe recommend that you upgrade your mysql-connector-java packages.\");\n script_tag(name: \"summary\", value: \"A vulnerability was discovered in\nmysql-connector-java, a Java database (JDBC) driver for MySQL, which may result\nin unauthorized update, insert or delete access to some MySQL Connectors\naccessible data as well as read access to a subset of MySQL Connectors accessible\ndata. The vulnerability was addressed by upgrading mysql-connector-java to the new\nupstream version 5.1.39, which includes additional changes, such as bug\nfixes, new features, and possibly incompatible changes. Please see the\nMySQL Connector/J Release Notes and Oracle's Critical Patch Update\nadvisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/connector-j/5.1/en/news-5-1.html\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysql-java\", ver:\"5.1.39-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:55:02", "bulletinFamily": "scanner", "description": "A vulnerability was discovered in\nmysql-connector-java, a Java database (JDBC) driver for MySQL, which may result\nin unauthorized update, insert or delete access to some MySQL Connectors\naccessible data as well as read access to a subset of MySQL Connectors accessible\ndata. The vulnerability was addressed by upgrading mysql-connector-java to the new\nupstream version 5.1.39, which includes additional changes, such as bug\nfixes, new features, and possibly incompatible changes. Please see the\nMySQL Connector/J Release Notes and Oracle", "modified": "2017-07-07T00:00:00", "published": "2016-07-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703621", "id": "OPENVAS:703621", "title": "Debian Security Advisory DSA 3621-1 (mysql-connector-java - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3621.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3621-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703621);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-2575\");\n script_name(\"Debian Security Advisory DSA 3621-1 (mysql-connector-java - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-07-18 00:00:00 +0200 (Mon, 18 Jul 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3621.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-connector-java on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 5.1.39-1~deb8u1.\n\nWe recommend that you upgrade your mysql-connector-java packages.\");\n script_tag(name: \"summary\", value: \"A vulnerability was discovered in\nmysql-connector-java, a Java database (JDBC) driver for MySQL, which may result\nin unauthorized update, insert or delete access to some MySQL Connectors\naccessible data as well as read access to a subset of MySQL Connectors accessible\ndata. The vulnerability was addressed by upgrading mysql-connector-java to the new\nupstream version 5.1.39, which includes additional changes, such as bug\nfixes, new features, and possibly incompatible changes. Please see the\nMySQL Connector/J Release Notes and Oracle's Critical Patch Update\nadvisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/connector-j/5.1/en/news-5-1.html\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysql-java\", ver:\"5.1.39-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-22T16:38:16", "bulletinFamily": "scanner", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-04-22T00:00:00", "id": "OPENVAS:1361412562310805170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805170", "title": "Oracle MySQL Multiple Unspecified vulnerabilities-01 Apr15 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln01_apr15_win.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Oracle MySQL Multiple Unspecified vulnerabilities-01 Apr15 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mysql:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805170\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-2575\");\n script_bugtraq_id(74075);\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-22 11:23:47 +0530 (Wed, 22 Apr 2015)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Oracle MySQL Multiple Unspecified vulnerabilities-01 Apr15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL Server\n component via unknown vectors related to Connector/J.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allows remote\n authenticated users to affect confidentiality and integrity via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL 5.1.34 and earlier on windows.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n}\n\nif(mysqlVer =~ \"^(5\\.1)\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.1\", test_version2:\"5.1.34\"))\n {\n report = 'Installed version: ' + mysqlVer + '\\n';\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n\nexit(99);", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-02-21T01:24:17", "bulletinFamily": "scanner", "description": "mysql-connector-java was updated to 5.1.35 to fix one security issue and a number of bugs.\n\nThe following vulnerability was fixed :\n\n - CVE-2015-2575: Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors accessible data.\n\nIn addition, mysql-connector-java was updated to 5.1.35 to fix a number of upstream bugs, details of which listed in CHANGES as well as http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html", "modified": "2018-11-19T00:00:00", "id": "OPENSUSE-2015-389.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83914", "published": "2015-06-01T00:00:00", "title": "openSUSE Security Update : mysql-connector-java (openSUSE-2015-389)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-389.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83914);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/11/19 11:02:42\");\n\n script_cve_id(\"CVE-2015-2575\");\n\n script_name(english:\"openSUSE Security Update : mysql-connector-java (openSUSE-2015-389)\");\n script_summary(english:\"Check for the openSUSE-2015-389 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"mysql-connector-java was updated to 5.1.35 to fix one security issue\nand a number of bugs.\n\nThe following vulnerability was fixed :\n\n - CVE-2015-2575: Difficult to exploit vulnerability allows\n successful authenticated network attacks via multiple\n protocols. Successful attack of this vulnerability can\n result in unauthorized update, insert or delete access\n to some MySQL Connectors accessible data as well as read\n access to a subset of MySQL Connectors accessible data.\n\nIn addition, mysql-connector-java was updated to 5.1.35 to fix a\nnumber of upstream bugs, details of which listed in CHANGES as well as\nhttp://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\"\n );\n # http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927981\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-connector-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-connector-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mysql-connector-java-5.1.35-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mysql-connector-java-5.1.35-3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-connector-java\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:27:27", "bulletinFamily": "scanner", "description": "A vulnerability was discovered in mysql-connector-java, a Java database (JDBC) driver for MySQL, which may result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors accessible data. The vulnerability was addressed by upgrading mysql-connector-java to the new upstream version 5.1.39, which includes additional changes, such as bug fixes, new features, and possibly incompatible changes. Please see the MySQL Connector/J Release Notes and Oracle's Critical Patch Update advisory for further details :\n\n - https://dev.mysql.com/doc/relnotes/connector-j/5.1/en/ne ws-5-1.html\n - http://www.oracle.com/technetwork/topics/security/cpuapr 2015-2365600.html#AppendixMSQL", "modified": "2018-11-13T00:00:00", "id": "DEBIAN_DSA-3621.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92381", "published": "2016-07-19T00:00:00", "title": "Debian DSA-3621-1 : mysql-connector-java - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3621. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92381);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2015-2575\");\n script_xref(name:\"DSA\", value:\"3621\");\n\n script_name(english:\"Debian DSA-3621-1 : mysql-connector-java - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered in mysql-connector-java, a Java\ndatabase (JDBC) driver for MySQL, which may result in unauthorized\nupdate, insert or delete access to some MySQL Connectors accessible\ndata as well as read access to a subset of MySQL Connectors accessible\ndata. The vulnerability was addressed by upgrading\nmysql-connector-java to the new upstream version 5.1.39, which\nincludes additional changes, such as bug fixes, new features, and\npossibly incompatible changes. Please see the MySQL Connector/J\nRelease Notes and Oracle's Critical Patch Update advisory for further\ndetails :\n\n -\n https://dev.mysql.com/doc/relnotes/connector-j/5.1/en/ne\n ws-5-1.html\n -\n http://www.oracle.com/technetwork/topics/security/cpuapr\n 2015-2365600.html#AppendixMSQL\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/connector-j/5.1/en/news-5-1.html\"\n );\n # https://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?915d056a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mysql-connector-java\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3621\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-connector-java packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.1.39-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-connector-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libmysql-java\", reference:\"5.1.39-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:27:17", "bulletinFamily": "scanner", "description": "A vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J) has been discovered that may result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors. The issue is addressed by updating to the latest stable release of mysql-connector-java since Oracle did not release further information.\n\nPlease see Oracle's Critical Patch Update advisory for further details.\n\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-23 65613.html#MSQL\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 5.1.39-1~deb7u1.\n\nWe recommend that you upgrade your mysql-connector-java packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-13T00:00:00", "id": "DEBIAN_DLA-526.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=91832", "published": "2016-06-27T00:00:00", "title": "Debian DLA-526-1 : mysql-connector-java security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-526-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91832);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2015-2575\");\n script_bugtraq_id(74075);\n\n script_name(english:\"Debian DLA-526-1 : mysql-connector-java security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability in the MySQL Connectors component of Oracle MySQL\n(subcomponent: Connector/J) has been discovered that may result in\nunauthorized update, insert or delete access to some MySQL Connectors\naccessible data as well as read access to a subset of MySQL\nConnectors. The issue is addressed by updating to the latest stable\nrelease of mysql-connector-java since Oracle did not release further\ninformation.\n\nPlease see Oracle's Critical Patch Update advisory for further\ndetails.\n\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-23\n65613.html#MSQL\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.1.39-1~deb7u1.\n\nWe recommend that you upgrade your mysql-connector-java packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/06/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mysql-connector-java\"\n );\n # https://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html#MSQL\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e086d4a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected libmysql-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysql-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libmysql-java\", reference:\"5.1.39-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2018-10-18T13:48:28", "bulletinFamily": "unix", "description": "Package : mysql-connector-java\nVersion : 5.1.39-1~deb7u1\nCVE ID : CVE-2015-2575\n\n\nA vulnerability in the MySQL Connectors component of Oracle MySQL\n(subcomponent: Connector/J) has been discovered that may result in\nunauthorized update, insert or delete access to some MySQL Connectors\naccessible data as well as read access to a subset of MySQL Connectors.\nThe issue is addressed by updating to the latest stable release of\nmysql-connector-java since Oracle did not release further information.\n\nPlease see Oracle's Critical Patch Update advisory for further details.\n\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html#MSQL\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.1.39-1~deb7u1.\n\nWe recommend that you upgrade your mysql-connector-java packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2016-06-25T16:56:33", "published": "2016-06-25T16:56:33", "id": "DEBIAN:DLA-526-1:099F6", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201606/msg00027.html", "title": "[SECURITY] [DLA 526-1] mysql-connector-java security update", "type": "debian", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-16T22:13:04", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3621-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 18, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-connector-java\nCVE ID : CVE-2015-2575\n\nA vulnerability was discovered in mysql-connector-java, a Java database\n(JDBC) driver for MySQL, which may result in unauthorized update, insert\nor delete access to some MySQL Connectors accessible data as well as\nread access to a subset of MySQL Connectors accessible data. The\nvulnerability was addressed by upgrading mysql-connector-java to the new\nupstream version 5.1.39, which includes additional changes, such as bug\nfixes, new features, and possibly incompatible changes. Please see the\nMySQL Connector/J Release Notes and Oracle's Critical Patch Update\nadvisory for further details:\n\n https://dev.mysql.com/doc/relnotes/connector-j/5.1/en/news-5-1.html\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.1.39-1~deb8u1.\n\nWe recommend that you upgrade your mysql-connector-java packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-07-18T16:31:54", "published": "2016-07-18T16:31:54", "id": "DEBIAN:DSA-3621-1:F2106", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00199.html", "title": "[SECURITY] [DSA 3621-1] mysql-connector-java security update", "type": "debian", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "f5": [{"lastseen": "2017-06-08T00:16:37", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 530297 to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP AAM | 12.0.0 \n11.4.0 - 11.6.0 | None | Low | MySQL \nBIG-IP AFM | 12.0.0 \n11.3.0 - 11.6.0 | None | Low | MySQL \nBIG-IP Analytics | 12.0.0 \n11.0.0 - 11.6.0 | None | Low | MySQL \nBIG-IP APM | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP ASM | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP DNS | 12.0.0 | None | Low | MySQL \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP GTM | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP Link Controller | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP PEM | 12.0.0 \n11.3.0 - 11.6.0 | None | Low | MySQL \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.0.0 - 3.1.1 | None | Low | MySQL \nFirePass | None | 7.0.0 \n6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | MySQL \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | MySQL \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | MySQL \nBIG-IQ ADC | 4.5.0 | None | Low | MySQL \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K17329: BIG-IP GTM name has changed to BIG-IP DNS](<https://support.f5.com/csp/article/K17329>) \n\n", "modified": "2017-04-06T16:51:00", "published": "2015-08-14T19:38:00", "href": "https://support.f5.com/csp/article/K17115", "id": "F5:K17115", "title": "Multiple MySQL vulnerabilities", "type": "f5", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:38", "bulletinFamily": "software", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL17329: BIG-IP GTM name has changed to BIG-IP DNS \n\n", "modified": "2016-06-28T00:00:00", "published": "2015-08-14T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/100/sol17115.html", "id": "SOL17115", "title": "SOL17115 - Multiple MySQL vulnerabilities", "type": "f5", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:00", "bulletinFamily": "software", "description": "Over 90 different vulnerabilities are fixed in quarterly update.", "modified": "2015-04-17T00:00:00", "published": "2015-04-17T00:00:00", "id": "SECURITYVULNS:VULN:14393", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14393", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2018-08-31T04:14:01", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 98 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2015-05-20T00:00:00", "published": "2015-04-14T00:00:00", "id": "ORACLE:CPUAPR2015-2365600", "href": "", "title": "Oracle Critical Patch Update - April 2015", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}