Lucene search

[email protected]CVE-2016-3452

HistoryJul 21, 2016 - 10:12 a.m.

CVE-2016-3452

2016-07-2110:12:16

[email protected]

web.nvd.nist.gov

cve-2016-3452

unspecified vulnerability

oracle mysql

mariadb

remote attack

confidentiality

security encryption

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.0%

JSON

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.

Affected configurations

NVD

Node

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

Node

oraclemysqlRange5.5.0–5.5.48

oraclemysqlRange5.6.0–5.6.29

oraclemysqlRange5.7.0–5.7.10

Node

mariadbmariadbRange5.5.20–5.5.49

mariadbmariadbRange10.0.0–10.0.25

mariadbmariadbRange10.1.0–10.1.14

Node

ibmpowerkvmMatch2.1

ibmpowerkvmMatch3.1

Node

oraclelinuxMatch7

CPENameOperatorVersion
redhat:enterprise_linuxredhat enterprise linuxeq6.0
redhat:enterprise_linuxredhat enterprise linuxeq7.0

CPE	Name	Operator	Version
redhat:enterprise_linux	redhat enterprise linux	eq	6.0
redhat:enterprise_linux	redhat enterprise linux	eq	7.0

References

rhn.redhat.com/errata/RHSA-2016-0705.html

rhn.redhat.com/errata/RHSA-2016-1480.html

rhn.redhat.com/errata/RHSA-2016-1481.html

rhn.redhat.com/errata/RHSA-2016-1602.html

www-01.ibm.com/support/docview.wss?uid=isg3T1024168

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

www.securityfocus.com/bid/91787

www.securityfocus.com/bid/91999

www.securitytracker.com/id/1036362

access.redhat.com/errata/RHSA-2016:1132

mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/

mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/

mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.0%

JSON

Related for CVE-2016-3452

prion1 nvd1 openvas7 veracode1 osv1 cvelist1 ubuntucve1 redhatcve1 alpinelinux1 mariadbunix1 nessus22 oraclelinux1 ibm1 redhat5 centos1 f52 kaspersky1 freebsd1 amazon1 oracle1