Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.117193 |
Categoría: | Databases |
Título: | Oracle MySQL Server <= 5.5.45 / 5.6 <= 5.6.26 Security Update (cpujan2016) - Linux |
Resumen: | Oracle MySQL Server is prone to a vulnerability in a third party library. |
Descripción: | Summary: Oracle MySQL Server is prone to a vulnerability in a third party library. Vulnerability Insight: wolfSSL (formerly CyaSSL) as used in MySQL does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server. Vulnerability Impact: The flaw makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. Affected Software/OS: Oracle MySQL Server versions 5.5.45 and prior and 5.6 through 5.6.26. Solution: Updates are available. Please see the references for more information. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-7744 https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ http://www.securitytracker.com/id/1034708 SuSE Security Announcement: openSUSE-SU-2016:0367 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html SuSE Security Announcement: openSUSE-SU-2016:0377 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |