Vulnerability CVE-2015-4890

Vulnerability Name:

CVE-2015-4890 (CCN-107401)

Assigned:

2015-10-20

Published:

2015-10-20

Updated:

2016-12-24

Summary:

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.

CVSS v3 Severity:

2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P)
2.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2015-4890

Source: CCN
Type: RHSA-2016-0705
Critical: rh-mysql56-mysql security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2016:0705

Source: CCN
Type: IBM Security Bulletin 1973719
Multiple vulnerabilities in OpenSource Oracle Mysql affect IBM Security Guardium Database Activity Monitor

Source: CCN
Type: Oracle Critical Patch Update Advisory - October 2015
Oracle Critical Patch Update Advisory - October 2015

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Source: BID
Type: UNKNOWN
77231

Source: CCN
Type: BID-77231
Oracle MySQL Server CVE-2015-4890 Remote Security Vulnerability

Source: SECTRACK
Type: UNKNOWN
1033894

Source: UBUNTU
Type: UNKNOWN
USN-2781-1

Source: XF
Type: UNKNOWN
oracle-cpuoct2015-cve20154890(107401)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-4890

Vulnerable Configuration:

Configuration 1:

cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version <= 5.6.26)

Configuration CCN 1:

cpe:/a:oracle:mysql:5.6.25:*:*:*:*:*:*:*

AND

cpe:/a:ibm:security_guardium:9.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:9.5:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20154890	V	CVE-2015-4890	2022-06-30
oval:org.opensuse.security:def:112714	P	libmysql56client18-32bit-5.6.34-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:34683	P	Security update for ghostscript (Moderate)	2022-01-14
oval:org.opensuse.security:def:30170	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:34049	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:106187	P	Security update for libvirt (Important) (in QA)	2021-12-30
oval:org.opensuse.security:def:34621	P	Security update for mariadb (Moderate)	2021-12-30
oval:org.opensuse.security:def:55987	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:55984	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:56103	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:34596	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:55259	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:31292	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:34557	P	Security update for curl (Moderate)	2021-10-11
oval:org.opensuse.security:def:30256	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:56079	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:31282	P	Security update for webkit2gtk3 (Important)	2021-10-06
oval:org.opensuse.security:def:31254	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:30113	P	Security update for fetchmail (Moderate)	2021-08-18
oval:org.opensuse.security:def:32129	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:36220	P	libssh2-1-1.2.9-4.2.4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36178	P	libblkid1-2.19.1-6.72.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:55910	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:57453	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:34450	P	Security update for squid (Important)	2021-06-02
oval:org.opensuse.security:def:56022	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:33913	P	Security update for curl (Moderate)	2021-05-27
oval:org.opensuse.security:def:55879	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important)	2021-04-12
oval:org.opensuse.security:def:34665	P	Security update for ovmf (Moderate)	2021-03-30
oval:org.opensuse.security:def:28959	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important)	2021-03-17
oval:org.opensuse.security:def:54771	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:30025	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:31338	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:57548	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:54749	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:28924	P	Security update for openvswitch (Important)	2021-02-03
oval:org.opensuse.security:def:32168	P	Security update for openvswitch (Important)	2021-02-02
oval:org.opensuse.security:def:34508	P	Security update for openvswitch (Important)	2021-02-02
oval:org.opensuse.security:def:54742	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:54748	P	Security update for java-1_8_0-ibm (Moderate)	2021-01-05
oval:org.opensuse.security:def:35540	P	enscript-1.6.4-152.17.55 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:30674	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:55149	P	imobiledevice-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35162	P	Security update for krb5	2020-12-01
oval:org.opensuse.security:def:27546	P	python-logilab-common on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33818	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:26595	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27767	P	Security update for IBM Java	2020-12-01
oval:org.opensuse.security:def:30514	P	Security update for freetype2	2020-12-01
oval:org.opensuse.security:def:26828	P	system-config-printer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27585	P	xorg-x11-libXp-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31039	P	Security update for kdelibs3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:35496	P	Security update for poppler (Moderate)	2020-12-01
oval:org.opensuse.security:def:54602	P	libsndfile1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34146	P	Security update for opensc (Moderate)	2020-12-01
oval:org.opensuse.security:def:27021	P	pyxml on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28073	P	Security update for freeradius-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:34684	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:27113	P	ecryptfs-utils-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28087	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:31426	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:35303	P	Security update for libxslt (Moderate)	2020-12-01
oval:org.opensuse.security:def:27341	P	yast2-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55425	P	yast2-users on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27805	P	Security update for libpng12-0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30673	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:54911	P	libpng16-16 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35072	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:27507	P	libxml2-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28286	P	Security update for mysql (Important)	2020-12-01
oval:org.opensuse.security:def:26467	P	Security update for redis (Important)	2020-12-01
oval:org.opensuse.security:def:27683	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:30465	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:27521	P	novell-ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30982	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:35469	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28790	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:54580	P	libopenssl-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26968	P	librpcsecgss on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28059	P	Security update for dom4j (Moderate)	2020-12-01
oval:org.opensuse.security:def:27032	P	squidGuard on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27936	P	Security update for GraphicsMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:31387	P	Security update for openvpn-openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:56272	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:27340	P	yast2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29893	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:27167	P	lcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35015	P	Security update for gpgme	2020-12-01
oval:org.opensuse.security:def:27458	P	libldb-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28242	P	Security update for libwmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:26403	P	Security update for ffmpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:27626	P	Security update for IBM Java 6	2020-12-01
oval:org.opensuse.security:def:30410	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27510	P	lighttpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30891	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:55594	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:35430	P	Security update for openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28755	P	Security update for pixman	2020-12-01
oval:org.opensuse.security:def:54579	P	libnewt0_52 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26817	P	rsync on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28020	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:30616	P	Security update for tomcat6	2020-12-01
oval:org.opensuse.security:def:26904	P	glib2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27852	P	Security update for perl	2020-12-01
oval:org.opensuse.security:def:56191	P	Security update for openvpn (Important)	2020-12-01
oval:org.opensuse.security:def:29820	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:55153	P	java-1_8_0-openjdk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27123	P	file-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34915	P	Security update for elfutils	2020-12-01
oval:org.opensuse.security:def:27405	P	fvwm2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28228	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:57379	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:26392	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:27544	P	python-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27509	P	libyaml-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30759	P	Security update for apache2-mod_nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:55428	P	zsh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35381	P	Security update for ntp (Moderate)	2020-12-01
oval:org.opensuse.security:def:27604	P	Security update for Samba	2020-12-01
oval:org.opensuse.security:def:33830	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:26733	P	lcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27971	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:30572	P	Security update for MozillaFirefox, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:57622	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:26840	P	wireshark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27795	P	Security update for libksba	2020-12-01
oval:org.opensuse.security:def:56153	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:27840	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:29809	P	Security update for jakarta-commons-fileupload (Important)	2020-12-01
oval:org.opensuse.security:def:54980	P	perl-Config-IniFiles on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34292	P	Security update for libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, python-32bit, python-base, python-base-32bit, python-base-debuginfo, python-base-debuginfo-32bit, python-base-debuginfo-x86, python-base-debugsource, python-base-x86, python-curses, python-debuginfo, python-debuginfo-32bit, python-debuginfo-x86, python-debugsource, python-demo, python-devel, python-doc, python-doc-pdf, python-gdbm, python-idle, python-tk, python-x86, python-xml	2020-12-01
oval:org.opensuse.security:def:27109	P	dhcp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34779	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:27254	P	openvpn on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28189	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31491	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:26391	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:27416	P	gtk2-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55818	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:30685	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:55322	P	libzmq3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35322	P	Security update for microcode_ctl (Important)	2020-12-01
oval:org.opensuse.security:def:27560	P	rubygem-json_pure on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33819	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:26676	P	cifs-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27918	P	Security update for xorg-x11-libXext	2020-12-01
oval:org.opensuse.security:def:30553	P	Security update for Samba	2020-12-01
oval:org.opensuse.security:def:26829	P	systemtap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27713	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:31126	P	Security update for kvm (Moderate)	2020-12-01
oval:org.opensuse.security:def:29808	P	Security update for jakarta-commons-fileupload	2020-12-01
oval:org.opensuse.security:def:34203	P	Security update for perl-Config-General	2020-12-01
oval:org.opensuse.security:def:27070	P	NetworkManager on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28117	P	Security update for gnutls (Important)	2020-12-01
oval:org.opensuse.security:def:34695	P	Security update for xorg-x11-libXp	2020-12-01
oval:org.opensuse.security:def:27170	P	libMagickCore1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28140	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:31447	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:35344	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:27352	P	sblim-sfcb-openssl1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55710	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:28277	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:80087	P	Security update for mysql (Moderate)	2015-12-18
oval:org.opensuse.security:def:80256	P	Security update for mysql (Moderate)	2015-12-18
oval:com.ubuntu.artful:def:20154890000	V	CVE-2015-4890 on Ubuntu 17.10 (artful) - medium.	2015-10-21
oval:com.ubuntu.precise:def:20154890000	V	CVE-2015-4890 on Ubuntu 12.04 LTS (precise) - medium.	2015-10-21
oval:com.ubuntu.xenial:def:201548900000000	V	CVE-2015-4890 on Ubuntu 16.04 LTS (xenial) - medium.	2015-10-21
oval:com.ubuntu.trusty:def:20154890000	V	CVE-2015-4890 on Ubuntu 14.04 LTS (trusty) - medium.	2015-10-21
oval:com.ubuntu.xenial:def:20154890000	V	CVE-2015-4890 on Ubuntu 16.04 LTS (xenial) - medium.	2015-10-21

BACK