CVE-2012-5615
MySQL - Remote User Enumeration
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
MySQL v5.5.19 y posiblemente otras versiones, y MariaDB v5.5.28a, v5.3.11, v5.2.13, v5.1.66, y posiblemente con otras versiones, generan mensajes de error diferentes con retardos de tiempo diferentes dependiendo de si existe un nombre de usuario, lo que permite atacantes remotos para enumerar los nombres de usuario vĂ¡lidos.
Updated mariadb packages includes fixes for the following security Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol. Various other issues have also been addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-10-24 CVE Reserved
- 2012-12-03 CVE Published
- 2012-12-03 First Exploit
- 2024-08-06 CVE Updated
- 2025-07-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-209: Generation of Error Message Containing Sensitive Information
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2012/Dec/9 | Mailing List |
|
| http://secunia.com/advisories/53372 | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2012/12/02/3 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/12/02/4 | Mailing List |
|
| http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | X_refsource_confirm |
|
| https://mariadb.atlassian.net/browse/MDEV-3909 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/118555 | 2012-12-03 | |
| https://www.exploit-db.com/exploits/23081 | 2012-12-03 | |
| https://www.exploit-db.com/exploits/23073 | 2016-12-04 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | 5.1.66 Search vendor "Mariadb" for product "Mariadb" and version "5.1.66" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | 5.2.13 Search vendor "Mariadb" for product "Mariadb" and version "5.2.13" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | 5.3.11 Search vendor "Mariadb" for product "Mariadb" and version "5.3.11" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | 5.5.28a Search vendor "Mariadb" for product "Mariadb" and version "5.5.28a" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.5.19 Search vendor "Oracle" for product "Mysql" and version "5.5.19" | - |
Affected
| ||||||