DB: Oracle MySQL User Enumeration Information Disclosure

This signature detects attempts to exploit a known content-spoofing vulnerability in the Oracle MySQL database server. In a successful code injection attack, the behavior of the target host depends entirely on the intended function of the injected code, which executes within the security context of the currently logged-in user. If the attack is unsuccessful, the vulnerable application can terminate abnormally.

Extended Description

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generate different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.

Affected Products

Mariadb mariadb

References

CVE: CVE-2012-5615

Short Name
DB:MYSQL:USER-ENUMERATION
Severity
Warning
Recommended
False
Recommended Action
None
Category
DB
Keywords
CVE-2012-5615 Disclosure Enumeration Information MySQL Oracle User
Release Date
12/05/2012
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3571
False Positive
Unknown
Vendors

Oracle

Mariadb

CVSS Score

5.0
