Vulnerability Name: CVE-2016-3471 (CCN-115303)

Assigned: 2016-07-19
Published: 2016-07-19
Updated: 2022-07-05
Summary: Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 6.2 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:M/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): Multiple_Instances
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2016-3471

Source: CCN
Type: RHSA-2016-0534
Moderate: mariadb security and bug fix update

Source: REDHAT
Type: Third Party Advisory
RHSA-2016:0534

Source: CCN
Type: RHSA-2016-0705
Critical: rh-mysql56-mysql security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2016:0705

Source: CCN
Type: RHSA-2016-1132
Important: rh-mariadb100-mariadb security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2016:1480

Source: CCN
Type: RHSA-2016-1481
Moderate: mariadb55-mariadb security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2016:1481

Source: CCN
Type: Oracle CPUJul2016
Oracle Critical Patch Update Advisory - July 2016

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Source: BID
Type: Third Party Advisory, VDB Entry
91787

Source: CCN
Type: BID-91787
Oracle July 2016 Critical Patch Update Multiple Vulnerabilities

Source: BID
Type: Third Party Advisory, VDB Entry
91913

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1036362

Source: REDHAT
Type: Third Party Advisory
RHSA-2016:1132

Source: XF
Type: UNKNOWN
oracle-cpujul2016-cve20163471(115303)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-3471

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 5.5.0 and <= 5.5.45)
  • OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 5.6.0 and <= 5.6.26)

Configuration 2:
  • cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/a:mariadb:mariadb:*:*:*:*:*:*:*:* (Version >= 10.0.0 and < 10.0.22)
  • OR cpe:/a:mariadb:mariadb:*:*:*:*:*:*:*:* (Version >= 10.1.0 and < 10.1.9)
  • OR cpe:/a:mariadb:mariadb:*:*:*:*:*:*:*:* (Version >= 5.5.0 and < 5.5.46)

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:*

* Denotes that component is vulnerable

OVAL Definitions:
Definition ID | Class | Title | Last Modified
oval:org.cisecurity:def:1296 | V | Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier – CVE-2016-3471 | 2016-11-25
oval:com.ubuntu.disco:def:201634710000000 | V | CVE-2016-3471 on Ubuntu 19.04 (disco) - medium. | 2016-07-21
oval:com.ubuntu.precise:def:20163471000 | V | CVE-2016-3471 on Ubuntu 12.04 LTS (precise) - medium. | 2016-07-21
oval:com.ubuntu.cosmic:def:201634710000000 | V | CVE-2016-3471 on Ubuntu 18.10 (cosmic) - medium. | 2016-07-21
oval:com.ubuntu.artful:def:20163471000 | V | CVE-2016-3471 on Ubuntu 17.10 (artful) - medium. | 2016-07-21
oval:com.ubuntu.trusty:def:20163471000 | V | CVE-2016-3471 on Ubuntu 14.04 LTS (trusty) - medium. | 2016-07-21
oval:com.ubuntu.bionic:def:201634710000000 | V | CVE-2016-3471 on Ubuntu 18.04 LTS (bionic) - medium. | 2016-07-21
oval:com.ubuntu.bionic:def:20163471000 | V | CVE-2016-3471 on Ubuntu 18.04 LTS (bionic) - medium. | 2016-07-21
oval:com.ubuntu.xenial:def:20163471000 | V | CVE-2016-3471 on Ubuntu 16.04 LTS (xenial) - medium. | 2016-07-21
oval:com.ubuntu.xenial:def:201634710000000 | V | CVE-2016-3471 on Ubuntu 16.04 LTS (xenial) - medium. | 2016-07-21
oval:com.ubuntu.cosmic:def:20163471000 | V | CVE-2016-3471 on Ubuntu 18.10 (cosmic) - medium. | 2016-07-21
oval:com.redhat.rhsa:def:20160534 | P | RHSA-2016:0534: mariadb security and bug fix update (Moderate) | 2016-03-31