CVE-2015-4895
mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015)
Severity Score
Exploit Likelihood
Affected Versions
9Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
Vulnerabilidad no especificada en Oracle MySQL Server 5.6.25 y versiones anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server : InnoDB.
MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. MariaDB uses PCRE, a Perl-compatible regular expression library, to implement regular expression support in SQL queries. Security Fix: It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-06-24 CVE Reserved
- 2015-10-21 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2016-Fe... | 2022-09-20 | |
| http://www.debian.org/security/2015/dsa-3385 | 2022-09-20 | |
| http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367... | 2022-09-20 | |
| http://www.ubuntu.com/usn/USN-2781-1 | 2022-09-20 | |
| https://access.redhat.com/errata/RHSA-2016:1132 | 2022-09-20 | |
| https://access.redhat.com/security/cve/CVE-2015-4895 | 2016-05-26 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1274786 | 2016-05-26 |