Lucene search

RedhatCVE-2012-4414

HistoryJan 22, 2013 - 11:55 p.m.

CVE-2012-4414

2013-01-2223:55:02

CWE-89

redhat

web.nvd.nist.gov

cve-2012-4414

sql injection

oracle mysql

mariadb

remote authenticated users

arbitrary sql commands

binary log

nvd

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

53.6%

JSON

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

Affected configurations

Nvd

Node

oraclemysqlRange≤5.5.28

oraclemysqlMatch5.1.51

oraclemysqlMatch5.1.52

oraclemysqlMatch5.1.52sp1

oraclemysqlMatch5.1.53

oraclemysqlMatch5.1.54

oraclemysqlMatch5.1.55

oraclemysqlMatch5.1.56

oraclemysqlMatch5.1.57

oraclemysqlMatch5.1.58

oraclemysqlMatch5.1.59

oraclemysqlMatch5.1.60

oraclemysqlMatch5.1.61

oraclemysqlMatch5.1.62

oraclemysqlMatch5.1.63

oraclemysqlMatch5.1.64

oraclemysqlMatch5.1.65

oraclemysqlMatch5.1.66

oraclemysqlMatch5.1.67

oraclemysqlMatch5.5.10

oraclemysqlMatch5.5.11

oraclemysqlMatch5.5.12

oraclemysqlMatch5.5.13

oraclemysqlMatch5.5.14

oraclemysqlMatch5.5.15

oraclemysqlMatch5.5.16

oraclemysqlMatch5.5.17

oraclemysqlMatch5.5.18

oraclemysqlMatch5.5.19

oraclemysqlMatch5.5.20

oraclemysqlMatch5.5.21

oraclemysqlMatch5.5.22

oraclemysqlMatch5.5.23

oraclemysqlMatch5.5.24

oraclemysqlMatch5.5.25

oraclemysqlMatch5.5.25a

oraclemysqlMatch5.5.26

oraclemysqlMatch5.5.27

Node

mariadbmariadbMatch5.1.41

mariadbmariadbMatch5.1.42

mariadbmariadbMatch5.1.44

mariadbmariadbMatch5.1.47

mariadbmariadbMatch5.1.49

mariadbmariadbMatch5.1.50

mariadbmariadbMatch5.1.51

mariadbmariadbMatch5.1.53

mariadbmariadbMatch5.1.55

mariadbmariadbMatch5.1.60

mariadbmariadbMatch5.1.61

mariadbmariadbMatch5.1.62

Node

mariadbmariadbMatch5.2.0

mariadbmariadbMatch5.2.1

mariadbmariadbMatch5.2.2

mariadbmariadbMatch5.2.3

mariadbmariadbMatch5.2.4

mariadbmariadbMatch5.2.5

mariadbmariadbMatch5.2.6

mariadbmariadbMatch5.2.7

mariadbmariadbMatch5.2.8

mariadbmariadbMatch5.2.9

mariadbmariadbMatch5.2.10

mariadbmariadbMatch5.2.11

mariadbmariadbMatch5.2.12

Node

mariadbmariadbMatch5.3.0

mariadbmariadbMatch5.3.1

mariadbmariadbMatch5.3.2

mariadbmariadbMatch5.3.3

mariadbmariadbMatch5.3.4

mariadbmariadbMatch5.3.5

mariadbmariadbMatch5.3.6

mariadbmariadbMatch5.3.7

Node

mariadbmariadbMatch5.5.20

mariadbmariadbMatch5.5.21

mariadbmariadbMatch5.5.22

mariadbmariadbMatch5.5.23

mariadbmariadbMatch5.5.24

mariadbmariadbMatch5.5.25

VendorProductVersionCPE
oraclemysql*cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
oraclemysql5.1.51cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:*
oraclemysql5.1.52cpe:2.3:a:oracle:mysql:5.1.52:*:*:*:*:*:*:*
oraclemysql5.1.52cpe:2.3:a:oracle:mysql:5.1.52:sp1:*:*:*:*:*:*
oraclemysql5.1.53cpe:2.3:a:oracle:mysql:5.1.53:*:*:*:*:*:*:*
oraclemysql5.1.54cpe:2.3:a:oracle:mysql:5.1.54:*:*:*:*:*:*:*
oraclemysql5.1.55cpe:2.3:a:oracle:mysql:5.1.55:*:*:*:*:*:*:*
oraclemysql5.1.56cpe:2.3:a:oracle:mysql:5.1.56:*:*:*:*:*:*:*
oraclemysql5.1.57cpe:2.3:a:oracle:mysql:5.1.57:*:*:*:*:*:*:*
oraclemysql5.1.58cpe:2.3:a:oracle:mysql:5.1.58:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	mysql	*	cpe:2.3:a:oracle:mysql::::::::
oracle	mysql	5.1.51	cpe:2.3:a:oracle:mysql:5.1.51:::::::*
oracle	mysql	5.1.52	cpe:2.3:a:oracle:mysql:5.1.52:::::::*
oracle	mysql	5.1.52	cpe:2.3:a:oracle:mysql:5.1.52:sp1::::::
oracle	mysql	5.1.53	cpe:2.3:a:oracle:mysql:5.1.53:::::::*
oracle	mysql	5.1.54	cpe:2.3:a:oracle:mysql:5.1.54:::::::*
oracle	mysql	5.1.55	cpe:2.3:a:oracle:mysql:5.1.55:::::::*
oracle	mysql	5.1.56	cpe:2.3:a:oracle:mysql:5.1.56:::::::*
oracle	mysql	5.1.57	cpe:2.3:a:oracle:mysql:5.1.57:::::::*
oracle	mysql	5.1.58	cpe:2.3:a:oracle:mysql:5.1.58:::::::*