Main Vulnerability Database Exploits ID:4347 - Exploit for Information disclosure in MariaDB and mysql - CVE-2012-5615

ID:4347 - Exploit for Information disclosure in MariaDB and mysql - CVE-2012-5615

Published: August 11, 2020

Vulnerability identifier: #VU43280

Vulnerability risk: Medium

CVE-ID: CVE-2012-5615

CWE-ID: CWE-200

Exploitation vector: Remote access

Vulnerable software:
MariaDB
mysql

Link to public exploit:

https://www.exploit-db.com/exploits/23073/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.

Remediation

Install update from vendor's website.

ID:4347 - Exploit for Information disclosure in MariaDB and mysql - CVE-2012-5615

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human