Information disclosure in MariaDB - CVE-2016-5584
Published: October 25, 2016 / Updated: July 28, 2020
Vulnerability identifier: #VU32224
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-5584
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: MariaDB Foundation
Affected software:
MariaDB
Detailed vulnerability description
The vulnerability allows a remote privileged user to gain access to sensitive information.
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.
How to mitigate CVE-2016-5584
Install the update from the vendor's website.
Sources
- http://www.debian.org/security/2016/dsa-3706
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/93735
- http://www.securitytracker.com/id/1037050
- https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/
- https://security.gentoo.org/glsa/201701-01