update format

patch-1
Dhiyaneshwaran 2024-04-03 18:33:52 +05:30 committed by GitHub
parent bee35342f7
commit 371dce9375
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 15 additions and 1 deletions

View File

@ -3,13 +3,27 @@ id: CVE-2012-2122
info: info:
name: MySQL - Authentication Bypass name: MySQL - Authentication Bypass
author: pussycat0x author: pussycat0x
severity: critical severity: medium
description: | description: |
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
reference: reference:
- https://github.com/vulhub/vulhub/tree/master/mysql/CVE-2012-2122 - https://github.com/vulhub/vulhub/tree/master/mysql/CVE-2012-2122
- http://kb.askmonty.org/en/mariadb-5162-release-notes/
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html
- http://security.gentoo.org/glsa/glsa-201308-06.xml
- http://securitytracker.com/id?1027143
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P
cvss-score: 5.1
cve-id: CVE-2012-2122
cwe-id: CWE-287
epss-score: 0.97019
epss-percentile: 0.99732
cpe: cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:*
metadata: metadata:
verified: true verified: true
vendor: oracle
product: mysql
shodan-query: product:"MySQL" shodan-query: product:"MySQL"
tags: cve,cve2012,js,enum,network,mssql,fuzz tags: cve,cve2012,js,enum,network,mssql,fuzz