Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2012-5613 | First vendor Publication | 2012-12-03 |
Vendor | Cve | Last vendor Modification | 2024-03-21 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5613 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-16 | Configuration |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
SAINT Exploits
Description | Link |
---|---|
MySQL FILE privilege elevation | More info here |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201308-06.nasl - Type : ACT_GATHER_INFO |
2013-04-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1807-2.nasl - Type : ACT_GATHER_INFO |
2013-04-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1807-1.nasl - Type : ACT_GATHER_INFO |
2013-02-10 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-121227.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-03-21 09:28:44 |
|
2023-11-07 21:46:34 |
|
2023-02-13 00:27:38 |
|
2020-05-23 13:17:01 |
|
2020-05-23 00:35:18 |
|
2016-06-29 00:29:07 |
|
2016-04-26 22:30:19 |
|
2016-03-13 05:23:41 |
|
2016-03-12 21:24:20 |
|
2015-01-09 21:21:50 |
|
2014-02-21 13:22:32 |
|
2014-02-17 11:14:27 |
|
2013-10-11 13:24:53 |
|
2013-05-10 22:49:49 |
|
2013-03-08 13:19:23 |
|
2012-12-04 21:19:46 |
|
2012-12-04 00:19:08 |
|
2012-12-03 17:23:38 |
|