Описание
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | mysql | Under investigation | ||
| Red Hat Enterprise Linux 5 | mysql55-mysql | Fixed | RHSA-2014:1859 | 17.11.2014 |
| Red Hat Enterprise Linux 7 | mariadb | Fixed | RHSA-2014:1861 | 17.11.2014 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | mariadb-galera | Fixed | RHSA-2014:1937 | 02.12.2014 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | mariadb-galera | Fixed | RHSA-2014:1940 | 02.12.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | mysql55-mysql | Fixed | RHSA-2014:1860 | 17.11.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | mariadb55-mariadb | Fixed | RHSA-2014:1862 | 17.11.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | mysql55-mysql | Fixed | RHSA-2014:1860 | 17.11.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | mariadb55-mariadb | Fixed | RHSA-2014:1862 | 17.11.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS | mysql55-mysql | Fixed | RHSA-2014:1860 | 17.11.2014 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.5 Low
CVSS2
Связанные уязвимости
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.2 ...
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
EPSS
3.5 Low
CVSS2