Vulnerabilities > CVE-2002-1921 - Unspecified vulnerability in Oracle Mysql
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
Vulnerable Configurations
Nessus
NASL family | Databases |
NASL id | MYSQL_3_WEAK_DEFAULT_CONFIG.NASL |
description | The version of MySQL installed on the remote host is 3.20.32 to 3.23.52. On Windows, the default configuration used in these versions is weak : - The database server binds to all network interfaces and can be reached from outside. (CVE-2002-1921) - Logging is disabled, attackers will not be detected. (CVE-2002-1923) - root |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17821 |
published | 2012-01-18 |
reporter | This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/17821 |
title | MySQL 3.20.32 - 3.23.52 Weak Default Configuration |
code |
|