CVE-2012-5615

Published: 03/12/2012 Updated: 13/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 510
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Oracle MySQL 5.5.38 and previous versions, 5.6.19 and previous versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote malicious users to enumerate valid usernames.

Vulnerable Product

mariadb mariadb 5.5.28a

oracle mysql 5.5.19

mariadb mariadb 5.2.13

mariadb mariadb 5.1.66

mariadb mariadb 5.3.11

Vendor Advisories

Several security issues were fixed in MySQL ...
Debian Bug report logs - #695001 mysql-5.5: New MySQL issues. Package: mysql-5.5; Maintainer for mysql-5.5 is Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Mon, 3 Dec 2012 07:54:02 UTC; Severity: grave; Tags: security; Fixed in version mysql-5 ...
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details: dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html dev.mysql.com/doc ...

Exploits

*** FARLiGHT ELiTE HACKERS LEGACY R3L3ASE *** Attached is the MySQL Windows Remote Exploit (post-auth, udf technique) including the previously released mass scanner. The exploit is mirrored at the farlight website www.farlight.org. Oracle MySQL on Windows Remote SYSTEM Level Exploit zeroday. All owned By Kingcope. github.com/offensi ...

# MySQL User Account Enumeration Utility
# When an attacker authenticates using an incorrect password
# with the old authentication mechanism from mysql 4.x and below to a mysql 5.x server
# the mysql server will respond with a different message than Access Denied, what makes
# User Account Enumeration possible
# The Downside is that the attacker ...