CVE-2016-5584 : Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.

Published 2016-10-25 14:30:55

Updated 2025-04-12 10:46:41

Source Oracle

View at NVD, CVE.org

Products affected by CVE-2016-5584

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 5.7.0 and up to, including, (<=) 5.7.15
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 5.6.0 and up to, including, (<=) 5.6.33
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 5.5.0 and up to, including, (<=) 5.5.52
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 5.5.0 and before (<) 5.5.53
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.1.0 and before (<) 10.1.19
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.0.0 and before (<) 10.0.28
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2016-5584

Top countries where our scanners detected CVE-2016-5584

Top open port discovered on systems with this issue 3306

IPs affected by CVE-2016-5584 454,879

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2016-5584!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2016-5584

EPSS FAQ

0.85%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 74 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-5584

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:P/I:N/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.4	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N	0.7	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

References for CVE-2016-5584

https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/

MariaDB 10.0.28 Release Notes - MariaDB Knowledge Base
Release Notes;Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2016/dsa-3706

Debian -- Security Information -- DSA-3706-1 mysql-5.5
Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201701-01

MariaDB and MySQL: Multiple vulnerabilities (GLSA 201701-01) — Gentoo security
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Oracle Critical Patch Update - October 2016
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/93735

Oracle MySQL CVE-2016-5584 Remote Security Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1037050

MySQL Multiple Bugs Let Remote Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Modify Data and Gain Elevated Privileges - SecurityTracker
Broken Link;Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-5584

Products affected by CVE-2016-5584

Threat overview for CVE-2016-5584

Exploit prediction scoring system (EPSS) score for CVE-2016-5584

CVSS scores for CVE-2016-5584

References for CVE-2016-5584