Lucene search

K

[email protected]NVD:CVE-2017-3309

HistoryApr 24, 2017 - 7:59 p.m.

CVE-2017-3309

2017-04-2419:59:00

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.5%

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily “exploitable” vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

Affected configurations

NVD

Node

oraclemysqlRange5.5.0–5.5.54

OR

oraclemysqlRange5.6.0–5.6.35

OR

oraclemysqlRange5.7.0–5.7.17

Node

debiandebian_linuxMatch8.0

Node

mariadbmariadbRange5.5.0–5.5.55

OR

mariadbmariadbRange10.0.0–10.0.31

OR

mariadbmariadbRange10.1.0–10.1.23

OR

mariadbmariadbRange10.2.0–10.2.6

Node

redhatenterprise_linux_desktopMatch7.0

OR

redhatenterprise_linux_eusMatch7.4

OR

redhatenterprise_linux_eusMatch7.5

OR

redhatenterprise_linux_eusMatch7.6

OR

redhatenterprise_linux_eusMatch7.7

OR

redhatenterprise_linux_serverMatch7.0

OR

redhatenterprise_linux_server_ausMatch7.4

OR

redhatenterprise_linux_server_ausMatch7.6

OR

redhatenterprise_linux_server_ausMatch7.7

OR

redhatenterprise_linux_server_tusMatch7.6

OR

redhatenterprise_linux_server_tusMatch7.7

OR

redhatenterprise_linux_workstationMatch7.0

References

www.debian.org/security/2017/dsa-3834

www.debian.org/security/2017/dsa-3944

www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

www.securityfocus.com/bid/97742

www.securitytracker.com/id/1038287

access.redhat.com/errata/RHSA-2017:2192

access.redhat.com/errata/RHSA-2017:2787

access.redhat.com/errata/RHSA-2017:2886

access.redhat.com/errata/RHSA-2018:0279

access.redhat.com/errata/RHSA-2018:0574

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.5%

Related for NVD:CVE-2017-3309

prion1 cve1 debiancve1 osv4 mariadbunix1 cvelist1 ubuntucve1 veracode1 alpinelinux1 f51 nessus44 openvas22 suse6 slackware1 debian5 altlinux1 fedora7 amazon2 ibm1 ubuntu2 oraclelinux1 redhat5 centos1 freebsd1 gentoo1 oracle1