CVE-2017-3460

{"id": "CVE-2017-3460", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2017-04-24T19:59:01.473", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/97826", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1038287", "source": "secalert_us@oracle.com"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2886", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: Audit Plug-in). Las versiones compatibles que son afectadas son 5.7.17 y versiones anteriores. Vulnerabilidad f\u00e1cilmente explotable permite a un atacante de alto privilegio con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden resultar en habilidad no autorizada para provocar un bloqueo o repetible ca\u00edda de frecuencia (complete DOS) de MySQL Server. CVSS 3.0 Base Score 4.9 (Impactos de disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E11E000-1537-4DE2-9F20-C135557AA98B", "versionEndIncluding": "5.7.17"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}