Vulnerabilities > CVE-2012-1756

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

oracle

mariadb

nessus

NVD

Published: 2012-07-17

Updated: 2022-08-29

Summary

Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Mysql 5.5.0 Oracle Mysql 5.5.1 Oracle Mysql 5.5.2 Oracle Mysql 5.5.3 Oracle Mysql 5.5.4 Oracle Mysql 5.5.5 Oracle Mysql 5.5.6 Oracle Mysql 5.5.7 Oracle Mysql 5.5.8 Oracle Mysql 5.5.9 Oracle Mysql 5.5.10 Oracle Mysql 5.5.11 Oracle Mysql 5.5.12 Oracle Mysql 5.5.13 Oracle Mysql 5.5.14 Oracle Mysql 5.5.15 Oracle Mysql 5.5.16 Oracle Mysql 5.5.17 Oracle Mysql 5.5.18 Oracle Mysql 5.5.19 Oracle Mysql 5.5.20 Oracle Mysql 5.5.21 Oracle Mysql 5.5.22	23
Application	Mariadb Mariadb Mariadb 5.5.0 Mariadb Mariadb 5.5.20 Mariadb Mariadb 5.5.21 Mariadb Mariadb 5.5.22 Mariadb Mariadb 5.5.23	5

Nessus

NASL family	Databases
NASL id	MYSQL_5_5_24.NASL
description	The version of MySQL 5.5 installed on the remote host is earlier than 5.5.24 and is, therefore, affected by the following vulnerabilities : - Several errors exist related to
last seen	2020-06-01
modified	2020-06-02
plugin id	59449
published	2012-06-11
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/59449
title	MySQL 5.5 < 5.5.24 Security Bypass Vulnerability
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(59449); script_version("1.19"); script_cvs_date("Date: 2019/12/04"); script_cve_id( "CVE-2012-0540", "CVE-2012-1734", "CVE-2012-1735", "CVE-2012-1756", "CVE-2012-1757", "CVE-2012-2122", "CVE-2012-2749" ); script_bugtraq_id( 53911, 54524, 54526, 54540, 54549, 54551, 55120 ); script_xref(name:"EDB-ID", value:"19092"); script_name(english:"MySQL 5.5 < 5.5.24 Security Bypass Vulnerability"); script_summary(english:"Checks version of MySQL server"); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by a security bypass vulnerability."); script_set_attribute(attribute:"description", value: "The version of MySQL 5.5 installed on the remote host is earlier than 5.5.24 and is, therefore, affected by the following vulnerabilities : - Several errors exist related to 'GIS Extension', 'Server', 'InnoDB' and 'Server Optimizer' components that can allow denial of service attacks. (CVE-2012-0540, CVE-2012-1734, CVE-2012-1735, CVE-2012-1756, CVE-2012-1757) - A security bypass vulnerability exists that occurs due to improper casting during user login sessions. (Bug #64884 / CVE-2012-2122) - An error exists related to key length and sort order index that can lead to application crashes. (Bug #59387 / CVE-2012-2749)"); script_set_attribute(attribute:"see_also", value:"https://seclists.org/oss-sec/2012/q2/493"); script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.5/en/news-5-5-24.html"); # https://www.oracle.com/technetwork/topics/security/cpujul2012verbose-392736.html#Oracle%20MySQL script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6d4671b2"); script_set_attribute(attribute:"solution", value: "Upgrade to MySQL version 5.5.24 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-2122"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/11"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mysql_version.nasl", "mysql_login.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/mysql", 3306); exit(0); } include("mysql_version.inc"); mysql_check_version(fixed:'5.5.24', min:'5.5', severity:SECURITY_WARNING);

Vulnerabilities > CVE-2012-1756 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2012-1756"}]}

Summary

Vulnerable Configurations

Nessus

References

Vulnerabilities > CVE-2012-1756