Vulnerability Name:

CVE-2016-3452 (CCN-115321)

Assigned: 2016-07-19
Published: 2016-07-19
Updated: 2019-12-27
Summary: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.
CVSS v3 Severity: 3.7 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.2 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.2 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
3.7 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.2 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
2.6 Low (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2016-3452

Source: CCN
Type: RHSA-2016-0705
Critical: rh-mysql56-mysql security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2016:0705

Source: CCN
Type: RHSA-2016-1132
Important: rh-mariadb100-mariadb security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2016:1480

Source: CCN
Type: RHSA-2016-1481
Moderate: mariadb55-mariadb security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2016:1481

Source: CCN
Type: RHSA-2016-1602
Important: mariadb security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2016:1602

Source: CONFIRM
Type: Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168

Source: CCN
Type: IBM Security Bulletin T1024168 (PowerKVM)
Multiple vulnerabilities in mariadb affect PowerKVM

Source: CCN
Type: Oracle CPUJul2016
Oracle Critical Patch Update Advisory - July 2016

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Source: BID
Type: Third Party Advisory, VDB Entry
91787

Source: CCN
Type: BID-91787
Oracle July 2016 Critical Patch Update Multiple Vulnerabilities

Source: BID
Type: Third Party Advisory, VDB Entry
91999

Source: CCN
Type: BID-91999
Oracle MySQL CVE-2016-3452 Remote Security Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1036362

Source: REDHAT
Type: Third Party Advisory
RHSA-2016:1132

Source: XF
Type: UNKNOWN
oracle-cpujul2016-cve20163452(115321)

Source: CONFIRM
Type: Vendor Advisory
https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/

Source: CONFIRM
Type: Vendor Advisory
https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/

Source: CONFIRM
Type: Vendor Advisory
https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-3452

Vulnerable Configuration: Configuration 1:
  • cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 5.5.0 and <= 5.5.48)
  • OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 5.6.0 and <= 5.6.29)
  • OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 5.7.0 and <= 5.7.10)

  • Configuration 3:
  • cpe:/a:mariadb:mariadb:*:*:*:*:*:*:*:* (Version >= 5.5.20 and < 5.5.49)
  • OR cpe:/a:mariadb:mariadb:*:*:*:*:*:*:*:* (Version >= 10.0.0 and < 10.0.25)
  • OR cpe:/a:mariadb:mariadb:*:*:*:*:*:*:*:* (Version >= 10.1.0 and < 10.1.14)

  • Configuration 4:
  • cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:powerkvm:3.1:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:oracle:linux:7:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:powerkvm:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable

    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.cisecurity:def:1294 | V | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 – CVE-2016-3452 | 2016-11-25
    oval:com.redhat.rhsa:def:20161602 | P | RHSA-2016:1602: mariadb security update (Important) | 2016-08-11
    oval:com.ubuntu.disco:def:201634520000000 | V | CVE-2016-3452 on Ubuntu 19.04 (disco) - medium. | 2016-07-21
    oval:com.ubuntu.precise:def:20163452000 | V | CVE-2016-3452 on Ubuntu 12.04 LTS (precise) - medium. | 2016-07-21
    oval:com.ubuntu.cosmic:def:201634520000000 | V | CVE-2016-3452 on Ubuntu 18.10 (cosmic) - medium. | 2016-07-21
    oval:com.ubuntu.artful:def:20163452000 | V | CVE-2016-3452 on Ubuntu 17.10 (artful) - medium. | 2016-07-21
    oval:com.ubuntu.trusty:def:20163452000 | V | CVE-2016-3452 on Ubuntu 14.04 LTS (trusty) - medium. | 2016-07-21
    oval:com.ubuntu.bionic:def:201634520000000 | V | CVE-2016-3452 on Ubuntu 18.04 LTS (bionic) - medium. | 2016-07-21
    oval:com.ubuntu.bionic:def:20163452000 | V | CVE-2016-3452 on Ubuntu 18.04 LTS (bionic) - medium. | 2016-07-21
    oval:com.ubuntu.xenial:def:20163452000 | V | CVE-2016-3452 on Ubuntu 16.04 LTS (xenial) - medium. | 2016-07-21
    oval:com.ubuntu.xenial:def:201634520000000 | V | CVE-2016-3452 on Ubuntu 16.04 LTS (xenial) - medium. | 2016-07-21
    oval:com.ubuntu.cosmic:def:20163452000 | V | CVE-2016-3452 on Ubuntu 18.10 (cosmic) - medium. | 2016-07-21