CVE-2012-5615 in Oracle MySQL Serverinfo

Summary

MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.

Reservation

10/24/2012

Disclosure

12/03/2012

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
67974	Oracle MySQL Server Messages information disclosure	200	Proof-of-Concept	Official fix	CVE-2012-5615
7068	Oracle MySQL Server Authentication information disclosure	200	Proof-of-Concept	Official fix	CVE-2012-5615

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!