CAPEC
- Embedding Scripts within Scripts
An attack of this type exploits a program's vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into a script that is likely to be executed. If this is done, the attacker can potentially launch a variety of probes and attacks against the web server's local environment (in many cases the so-called DMZ), back-end resources the web server can communicate with, and other hosts.
With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host.
Of course, these attacks are not limited to the server side; client-side scripts such as Ajax and client-side JavaScript can contain malicious scripts as well. In general, all that is required is a script that runs with sufficient privileges to execute but is not protected against writing.
- Signature Spoofing by Key Theft
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
nessus
via4
NASL family | Databases
NASL id | MYSQL_5_7_19_RPM.NASL
description | The version of MySQL running on the remote host is 5.7.x prior to
5.7.19. It is, therefore, affected by multiple vulnerabilities:
- An unspecified flaw exists in the UDF component that
allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2017-3529)
- An unspecified flaw exists in the Memcached component
that allows an unauthenticated, remote attacker to
impact integrity and availability. (CVE-2017-3633)
- Multiple unspecified flaws exist in the DML component
that allow an authenticated, remote attacker to cause a
denial of service condition. (CVE-2017-3634,
CVE-2017-3639, CVE-2017-3640, CVE-2017-3641,
CVE-2017-3643, CVE-2017-3644, CVE-2017-10296)
- An unspecified flaw exists in the Connector/C and C API
components that allows an authenticated, remote attacker
to cause a denial of service condition. (CVE-2017-3635)
- An unspecified flaw exists in the X Plugin component
that allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2017-3637)
- Multiple unspecified flaws exist in the Optimizer
component that allow an authenticated, remote attacker
to cause a denial of service condition. (CVE-2017-3638,
CVE-2017-3642, CVE-2017-3645, CVE-2017-10279)
- Multiple unspecified flaws exist in the Replication
component that allow an authenticated, remote attacker
to cause a denial of service condition. (CVE-2017-3647,
CVE-2017-3649)
- An unspecified flaw exists in the Charsets component
that allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2017-3648)
- An unspecified flaw exists in the C API component that
allows an unauthenticated, remote attacker to disclose
sensitive information. (CVE-2017-3650)
- An unspecified flaw exists in the Client mysqldump
component that allows an authenticated, remote attacker
to impact integrity. (CVE-2017-3651)
- Multiple unspecified flaws exist in the DDL component
that allow an authenticated, remote attacker to impact
confidentiality and integrity. (CVE-2017-3652,
CVE-2017-3653)
- An unspecified flaw exists in the OpenSSL Encryption
component that allows an unauthenticated, remote
attacker to cause a denial of service condition.
(CVE-2017-3731)
- An unspecified flaw exists in the Stored Procedure
component that allows an authenticated, remote attacker
to cause a denial of service condition. (CVE-2017-10284)
- An unspecified flaw exists in the InnoDB component that
allows an authenticated, remote attacker to cause a
denial of service condition or to modify the contents of
the MySQL database. (CVE-2017-10365)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
last seen | 2019-01-16
modified | 2018-11-15
plugin id | 101979
published | 2017-07-26
reporter | Tenable
source | https://www.tenable.com/plugins/index.php?view=single&id=101979
title | MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU)
NASL family | Ubuntu Local Security Checks
NASL id | UBUNTU_USN-3357-1.NASL
description | Multiple security issues were discovered in MySQL and this update
includes new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS
and Ubuntu 17.04 have been updated to MySQL 5.7.19.
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
last seen | 2019-01-16
modified | 2018-12-01
plugin id | 101892
published | 2017-07-21
reporter | Tenable
source | https://www.tenable.com/plugins/index.php?view=single&id=101892
title | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3357-1)
NASL family | Databases
NASL id | MYSQL_5_7_19.NASL
description | The version of MySQL running on the remote host is 5.7.x prior to
5.7.19. It is, therefore, affected by multiple vulnerabilities:
- An unspecified flaw exists in the UDF component that
allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2017-3529)
- An unspecified flaw exists in the Memcached component
that allows an unauthenticated, remote attacker to
impact integrity and availability. (CVE-2017-3633)
- Multiple unspecified flaws exist in the DML component
that allow an authenticated, remote attacker to cause a
denial of service condition. (CVE-2017-3634,
CVE-2017-3639, CVE-2017-3640, CVE-2017-3641,
CVE-2017-3643, CVE-2017-3644, CVE-2017-10296)
- An unspecified flaw exists in the Connector/C and C API
components that allows an authenticated, remote attacker
to cause a denial of service condition. (CVE-2017-3635)
- An unspecified flaw exists in the X Plugin component
that allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2017-3637)
- Multiple unspecified flaws exist in the Optimizer
component that allow an authenticated, remote attacker
to cause a denial of service condition. (CVE-2017-3638,
CVE-2017-3642, CVE-2017-3645, CVE-2017-10279)
- Multiple unspecified flaws exist in the Replication
component that allow an authenticated, remote attacker
to cause a denial of service condition. (CVE-2017-3647,
CVE-2017-3649)
- An unspecified flaw exists in the Charsets component
that allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2017-3648)
- An unspecified flaw exists in the C API component that
allows an unauthenticated, remote attacker to disclose
sensitive information. (CVE-2017-3650)
- An unspecified flaw exists in the Client mysqldump
component that allows an authenticated, remote attacker
to impact integrity. (CVE-2017-3651)
- Multiple unspecified flaws exist in the DDL component
that allow an authenticated, remote attacker to impact
confidentiality and integrity. (CVE-2017-3652,
CVE-2017-3653)
- An unspecified flaw exists in the OpenSSL Encryption
component that allows an unauthenticated, remote
attacker to cause a denial of service condition.
(CVE-2017-3731)
- An unspecified flaw exists in the Stored Procedure
component that allows an authenticated, remote attacker
to cause a denial of service condition. (CVE-2017-10284)
- An unspecified flaw exists in the InnoDB component that
allows an authenticated, remote attacker to cause a
denial of service condition or to modify the contents of
the MySQL database. (CVE-2017-10365)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
last seen | 2019-01-16
modified | 2018-11-15
plugin id | 101821
published | 2017-07-19
reporter | Tenable
source | https://www.tenable.com/plugins/index.php?view=single&id=101821
title | MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (July 2017 CPU) (October 2017 CPU)
NASL family | FreeBSD Local Security Checks
NASL id | FREEBSD_PKG_CDA2F3C26C8B11E7867FB499BAEBFEAF.NASL
description | Oracle reports:
Please reference CVE/URL list for details
last seen | 2018-12-20
modified | 2018-12-19
plugin id | 101828
published | 2017-07-20
reporter | Tenable
source | https://www.tenable.com/plugins/index.php?view=single&id=101828
title | FreeBSD : MySQL -- multiple vulnerabilities (cda2f3c2-6c8b-11e7-867f-b499baebfeaf)