CVE-2016-3477

Published Jul 21, 2016

Last updated 5 years ago

Overview

Description: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.
Source: secalert_us@oracle.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.1
Impact score: 6
Exploitability score: 1.4
Vector string: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.1
Impact score: 6.4
Exploitability score: 2.7
Vector string: AV:L/AC:M/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Evaluator

Comment: Scores reflect additional information provided in http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3089849.xml: "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server."
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "161594FF-0DF8-43C8-B532-EBB20228023D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:powerkvm:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0744845-0230-47E7-866A-0880832B31C8"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3890FB9-556E-49DD-9A1E-21DA45BFBE80",
            "versionEndIncluding": "5.5.49",
            "versionStartIncluding": "5.5.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8519121-8EA3-4851-A824-13921232DB02",
            "versionEndIncluding": "5.6.30",
            "versionStartIncluding": "5.6.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E576DEB-1E39-4582-BFAA-E1D9F311242D",
            "versionEndIncluding": "5.7.12",
            "versionStartIncluding": "5.7.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75234AB4-E57D-44ED-A3FF-E9A5B8C53C43",
            "versionEndExcluding": "5.5.50",
            "versionStartIncluding": "5.5.20"
          },
          {
            "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "164A66E3-C17C-4A73-9D74-597D7670A69C",
            "versionEndExcluding": "10.0.26",
            "versionStartIncluding": "10.0.0"
          },
          {
            "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6724CBC2-7F62-4D6A-8AF4-8E69F6F99D03",
            "versionEndExcluding": "10.1.15",
            "versionStartIncluding": "10.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Evaluator

Configurations

References