5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:C/I:N/A:N
Oracle MySQL is vulnerable to man-in-the-middle attacks. The attacker could hijack client’s authentication to the server even if the client was configured to require SSL connection since MySQL client command line tools only checks after authentication whether server supported SSL. Affected component is C API
.
riddle.link/
www.debian.org/security/2017/dsa-3834
www.openwall.com/lists/oss-security/2017/03/17/3
www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL
www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL
www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL
www.securityfocus.com/bid/97023
www.securitytracker.com/id/1038287
access.redhat.com/errata/RHSA-2017:2787
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1477575
bugzilla.redhat.com/show_bug.cgi?id=1482122
dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html
dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html
dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:C/I:N/A:N