Lucene search

K

[email protected]NVD:CVE-2012-5627

HistoryOct 01, 2013 - 5:55 p.m.

CVE-2012-5627

2013-10-0117:55:03

CWE-522

[email protected]

web.nvd.nist.gov

1

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.2%

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

Affected configurations

NVD

Node

oraclemysqlRange5.5.0–5.5.29

Node

mariadbmariadbRange5.2.0–5.2.14

OR

mariadbmariadbRange5.3.0–5.3.12

OR

mariadbmariadbRange5.5.0–5.5.29

OR

mariadbmariadbMatch10.0.0

References

seclists.org/fulldisclosure/2012/Dec/58

seclists.org/fulldisclosure/2012/Dec/83

seclists.org/oss-sec/2012/q4/424

secunia.com/advisories/53372

security.gentoo.org/glsa/glsa-201308-06.xml

www.mandriva.com/security/advisories?name=MDVSA-2013:102

bugzilla.redhat.com/show_bug.cgi?id=883719

mariadb.atlassian.net/browse/MDEV-3915

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.2%

Related for NVD:CVE-2012-5627

cve1 ubuntucve1 cvelist1 openvas4 mariadbunix1 cbl_mariner2 nessus11 seebug1 prion1 altlinux1 freebsd1 gentoo1