Vulnerability Details : CVE-2019-2737
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability category: Denial of service
Products affected by CVE-2019-2737
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Threat overview for CVE-2019-2737
Top countries where our scanners detected CVE-2019-2737
Top open port discovered on systems with this issue
3306
IPs affected by CVE-2019-2737 444,722
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2019-2737!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2019-2737
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 48 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-2737
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST | |
4.9
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
1.2
|
3.6
|
NIST |
References for CVE-2019-2737
-
https://usn.ubuntu.com/4070-1/
USN-4070-1: MySQL vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:3708
RHSA-2019:3708 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://support.f5.com/csp/article/K51272092?utm_source=f5support&utm_medium=RSS
Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html
[security-announce] openSUSE-SU-2019:2698-1: moderate: Security update fMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/
[SECURITY] Fedora 29 Update: community-mysql-8.0.17-2.fc29 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Oracle Critical Patch Update - July 2019Patch;Vendor Advisory
-
https://usn.ubuntu.com/4070-2/
USN-4070-2: MariaDB vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://seclists.org/bugtraq/2019/Aug/1
Bugtraq: [slackware-security] mariadb (SSA:2019-213-01)Mailing List;Third Party Advisory
-
https://usn.ubuntu.com/4070-3/
USN-4070-3: MariaDB vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/
[SECURITY] Fedora 30 Update: community-mysql-8.0.17-2.fc30 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://support.f5.com/csp/article/K51272092
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2484
RHSA-2019:2484 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2511
RHSA-2019:2511 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
Slackware Security Advisory - mariadb Updates ≈ Packet StormThird Party Advisory;VDB Entry
Jump to