Multiple vulnerabilities in Percona Server for MySQL



Updated: 2018-02-05
Risk: Medium
Patch available: YES
Number of vulnerabilities: 5
CVE-ID: CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668
CWE-ID: CWE-284, CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Percona Server for MySQL (Server applications / Database software)
Vendor: Percona LLC

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Improper Access Control

EUVDB-ID: #VU10263

Risk: Low

CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-2562

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to modify certain data on the system and perform a denial of service (DoS) attack.

Mitigation

Update to version 5.5.59-38.11.

Vulnerable software versions

Percona Server for MySQL: 5.5.11-20.2 - 5.5.58-38.10

External links

https://www.percona.com/downloads/Percona-Server-5.5/LATEST/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU10267

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-2622

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update to version 5.5.59-38.11.

Vulnerable software versions

Percona Server for MySQL: 5.5.11-20.2 - 5.5.58-38.10

External links

https://www.percona.com/downloads/Percona-Server-5.5/LATEST/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU10269

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-2640

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update to version 5.5.59-38.11.

Vulnerable software versions

Percona Server for MySQL: 5.5.11-20.2 - 5.5.58-38.10

External links

https://www.percona.com/downloads/Percona-Server-5.5/LATEST/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU10270

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-2665

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update to version 5.5.59-38.11.

Vulnerable software versions

Percona Server for MySQL: 5.5.11-20.2 - 5.5.58-38.10

External links

https://www.percona.com/downloads/Percona-Server-5.5/LATEST/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU10271

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-2668

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update to version 5.5.59-38.11.

Vulnerable software versions

Percona Server for MySQL: 5.5.11-20.2 - 5.5.58-38.10

External links

https://www.percona.com/downloads/Percona-Server-5.5/LATEST/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


