Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2016-2047
HistoryJan 27, 2016 - 12:00 a.m.

CVE-2016-2047

2016-01-2700:00:00
ubuntu.com
ubuntu.com
12

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.7%

JSON

The ssl_verify_server_cert function in sql-common/client.c in MariaDB
before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle
MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and
Percona Server do not properly verify that the server hostname matches a
domain name in the subject’s Common Name (CN) or subjectAltName field of
the X.509 certificate, which allows man-in-the-middle attackers to spoof
SSL servers via a “/CN=” string in a field in a certificate, as
demonstrated by “/OU=/CN=bar.com/CN=foo.com.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu15.04noarchmariadb-10.0< 10.0.23-0ubuntu0.15.04.1UNKNOWN
ubuntu15.10noarchmariadb-10.0< 10.0.23-0ubuntu0.15.10.1UNKNOWN
ubuntu14.04noarchmariadb-5.5< 5.5.47-1ubuntu0.14.04.1UNKNOWN
ubuntu12.04noarchmysql-5.5< 5.5.49-0ubuntu0.12.04.1UNKNOWN
ubuntu14.04noarchmysql-5.5< 5.5.49-0ubuntu0.14.04.1UNKNOWN
ubuntu14.04noarchmysql-5.6< 5.6.30-0ubuntu0.14.04.1UNKNOWN
ubuntu15.10noarchmysql-5.6< 5.6.30-0ubuntu0.15.10.1UNKNOWN
ubuntu17.10noarchmysql-5.7< 5.7.13-0ubuntu4UNKNOWN
ubuntu18.04noarchmysql-5.7< 5.7.13-0ubuntu4UNKNOWN
ubuntu18.10noarchmysql-5.7< 5.7.13-0ubuntu4UNKNOWN
Rows per page:
1-10 of 171

Related

mariadbunix 1
ibm 1
prion 1
veracode 1
f5 2
nessus 32
openvas 26
cve 1
fedora 2
amazon 2
debian 5
kaspersky 2
osv 1
ubuntu 2
suse 6
oraclelinux 1
redhat 6
centos 1
freebsd 1
oracle 1
mariadbunix
mariadbunix
CVE-2016-2047
2016-01-27 20:59:00
ibm
ibm
Security Bulletin: OpenSource Oracle MySQL Vulnerability affects IBM Security Guardium (CVE-2016-2047)
2018-06-16 21:42:56
prion
prion
Code injection
2016-01-27 20:59:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-05-02 05:29:21
f5
f5
SOL53729441 - MySQL vulnerability CVE-2016-2047
2016-07-26 00:00:00
K53729441 : MySQL vulnerability CVE-2016-2047
2016-07-26 00:00:00
nessus
nessus
F5 Networks BIG-IP : MySQL vulnerability (K53729441)
2018-08-15 00:00:00
MySQL 5.5.x < 5.5.49 Multiple Vulnerabilities
2016-04-22 00:00:00
Fedora 22 : community-mysql (2016-1aaf308de4)
2016-07-14 00:00:00
openvas
openvas
MariaDB MITM Vulnerability (MDEV-9212) - Linux
2016-02-02 00:00:00
MariaDB MITM Vulnerability (MDEV-9212) - Windows
2016-02-02 00:00:00
Oracle MySQL Server <= 5.5.48 / 5.6 <= 5.6.29 / 5.7 <= 5.7.11 Security Update (cpuapr2016v3) - Linux
2016-05-05 00:00:00
cve
cve
CVE-2016-2047
2016-01-27 20:59:00
fedora
fedora
[SECURITY] Fedora 23 Update: community-mysql-5.6.30-1.fc23
2016-05-15 05:37:20
[SECURITY] Fedora 22 Update: community-mysql-5.6.30-1.fc22
2016-05-16 14:58:35
amazon
amazon
Critical: mysql56
2016-05-18 14:00:00
Important: mysql55
2016-08-17 13:30:00
debian
debian
[SECURITY] [DSA 3453-1] mariadb-10.0 security update
2016-01-25 20:41:01
[SECURITY] [DSA 3453-1] mariadb-10.0 security update
2016-01-25 20:41:01
[SECURITY] [DSA 3557-1] mysql-5.5 security update
2016-04-26 17:32:19
kaspersky
kaspersky
KLA10749 Multiple vulnerabilities in MariaDB
2016-01-27 00:00:00
KLA10794 Multiple vulnerabilities in Oracle MySQL
2016-04-19 00:00:00
osv
osv
mysql-5.5 - security update
2016-04-26 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2016-04-25 00:00:00
MySQL vulnerabilities
2016-04-21 00:00:00
suse
suse
Security update for mysql (important)
2016-05-11 18:10:17
Security update for mysql-community-server (important)
2016-05-18 14:14:23
Security update for mariadb (important)
2016-06-17 20:09:22
oraclelinux
oraclelinux
mariadb security and bug fix update
2016-03-31 00:00:00
redhat
redhat
(RHSA-2016:22610) Moderate: mariadb security and bug fix update
2016-02-03 05:00:00
(RHSA-2016:0534) Moderate: mariadb security and bug fix update
2016-03-31 14:15:24
(RHSA-2016:1481) Moderate: mariadb55-mariadb security update
2016-07-25 07:45:27
centos
centos
mariadb security update
2016-03-31 20:53:35
freebsd
freebsd
MySQL -- multiple vulnerabilities
2016-04-19 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2016
2016-04-19 00:00:00

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.7%

JSON
Related for UB:CVE-2016-2047
mariadbunix1ibm1prion1veracode1f52nessus32openvas26cve1fedora2amazon2debian5kaspersky2osv1ubuntu2suse6oraclelinux1redhat6centos1freebsd1oracle1