Veracode Vulnerability DatabaseVERACODE:11508Information Disclosure
EPSS
Percentile
93.6%
mysql55-myql is vulnerable to information disclosure attacks. The vulnerability exists as Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
References
lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html
lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
seclists.org/fulldisclosure/2012/Dec/9
secunia.com/advisories/53372
security.gentoo.org/glsa/glsa-201308-06.xml
www.mandriva.com/security/advisories?name=MDVSA-2013:102
www.openwall.com/lists/oss-security/2012/12/02/3
www.openwall.com/lists/oss-security/2012/12/02/4
www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL
www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixMSQL
access.redhat.com/errata/RHSA-2014:1859
access.redhat.com/errata/RHSA-2014:1860
access.redhat.com/errata/RHSA-2014:1861
access.redhat.com/errata/RHSA-2014:1862
access.redhat.com/errata/RHSA-2014:1937
access.redhat.com/errata/RHSA-2014:1940
access.redhat.com/security/cve/CVE-2012-5615
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=882608
dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html
mariadb.atlassian.net/browse/MDEV-3909
rhn.redhat.com/errata/RHSA-2014-1859.html
Related
