Detections
Analytics
MySQL 5.0.18 Information Leak
low Nessus Plugin ID 17830
Language:
Synopsis
The remote database server is affected by an information leak weakness.Description
The version of MySQL installed on the remote host allows local users to read sensitive information via the following query :SELECT * FROM information_schema.views;
This issue is disputed. Some consider it as a normal behavior for an SQL database.
See Also
https://www.securityfocus.com/archive/1/archive/1/423432/100/0/threaded
https://www.securityfocus.com/archive/1/archive/1/423228/100/0/threaded
https://www.securityfocus.com/archive/1/archive/1/423204/100/0/threaded
https://www.securityfocus.com/archive/1/archive/1/423180/30/7310/threaded
https://www.securityfocus.com/archive/1/archive/1/422491/100/0/threaded
https://www.securityfocus.com/archive/1/422698/100/0/threaded
https://www.securityfocus.com/archive/1/422592/100/0/threaded
Plugin Details
Severity: Low
ID: 17830
File Name: mysql_5_0_18_info_leak.nasl
Version: 1.6
Type: remote
Family: Databases
Published: 1/18/2012
Updated: 11/15/2018
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.5
CVSS v2
Risk Factor: Low
Base Score: 2.1
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:mysql:mysql
Required KB Items: Settings/ParanoidReport, Settings/PCI_DSS
Vulnerability Publication Date: 1/20/2006
Reference Information
CVE: CVE-2006-0369
CWE: 200