Executive Summary
Summary | |
---|---|
Title | mysql-connector-java security update |
Informations | |||
---|---|---|---|
Name | DSA-3621 | First vendor Publication | 2016-07-18 |
Vendor | Debian | Last vendor Modification | 2016-07-18 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.9 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | Medium |
Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability was discovered in mysql-connector-java, a Java database (JDBC) driver for MySQL, which may result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors accessible data. The vulnerability was addressed by upgrading mysql-connector-java to the new upstream version 5.1.39, which includes additional changes, such as bug fixes, new features, and possibly incompatible changes. Please see the MySQL Connector/J Release Notes and Oracle's Critical Patch Update advisory for further details: https://dev.mysql.com/doc/relnotes/connector-j/5.1/en/news-5-1.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL For the stable distribution (jessie), this problem has been fixed in version 5.1.39-1~deb8u1. We recommend that you upgrade your mysql-connector-java packages. |
Original Source
Url : http://www.debian.org/security/2016/dsa-3621 |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-09-15 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1082.nasl - Type : ACT_GATHER_INFO |
2016-07-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3621.nasl - Type : ACT_GATHER_INFO |
2016-06-27 | Name : The remote Debian host is missing a security update. File : debian_DLA-526.nasl - Type : ACT_GATHER_INFO |
2015-06-01 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-389.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-07-22 13:38:25 |
|
2016-07-19 21:37:35 |
|