Описание
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [5.5.36-1]] |
| lucid | DNE | |
| precise | DNE | |
| trusty | not-affected | 5.5.36-1 |
| trusty/esm | DNE | trusty was not-affected [5.5.36-1] |
| upstream | released | 5.5.29 |
| utopic | not-affected | 5.5.36-1 |
| vivid | DNE | |
| wily | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | 5.5.40-0ubuntu0.14.04.1 |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | released | 5.5.40-0ubuntu0.12.04.1 |
| quantal | ignored | end of life |
| raring | ignored | end of life |
| saucy | ignored | end of life |
| trusty | released | 5.5.40-0ubuntu0.14.04.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 5.6.23-1~exp1~ubuntu4 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [5.6.27-0ubuntu0.14.04.1]] |
| lucid | DNE | |
| precise | DNE | |
| trusty | released | 5.6.27-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [5.6.27-0ubuntu0.14.04.1] |
| upstream | released | 5.6.20 |
| utopic | ignored | end of life |
| vivid | not-affected | 5.6.23-1~exp1~ubuntu4 |
| wily | not-affected | 5.6.23-1~exp1~ubuntu4 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | ignored | end of life |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE | |
| trusty | DNE |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
Связанные уязвимости
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.2 ...
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
EPSS
5 Medium
CVSS2