| CAPEC |
-
Embedding Scripts within Scripts
An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts.
With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host.
Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
-
Signature Spoofing by Key Theft
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
|
| nessus
via4
|
| NASL family | FreeBSD Local Security Checks | | NASL id | FREEBSD_PKG_CDA2F3C26C8B11E7867FB499BAEBFEAF.NASL | | description | Oracle reports :
Please reference CVE/URL list for details | | last seen | 2018-12-20 | | modified | 2018-12-19 | | plugin id | 101828 | | published | 2017-07-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=101828 | | title | FreeBSD : MySQL -- multiple vulnerabilities (cda2f3c2-6c8b-11e7-867f-b499baebfeaf) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-3357-1.NASL | | description | Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.04 have been updated to MySQL 5.7.19.
In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622 .html.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-12-01 | | plugin id | 101892 | | published | 2017-07-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=101892 | | title | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3357-1) |
| NASL family | Databases | | NASL id | MYSQL_5_7_19.NASL | | description | The version of MySQL running on the remote host is 5.7.x prior to 5.7.19. It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the UDF component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3529)
- An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633)
- Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3643, CVE-2017-3644, CVE-2017-10296)
- An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635)
- An unspecified flaw exists in the X Plugin component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3637)
- Multiple unspecified flaws exist in the Optimizer component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3638, CVE-2017-3642, CVE-2017-3645, CVE-2017-10279)
- Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649)
- An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648)
- An unspecified flaw exists in the C API component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3650)
- An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651)
- Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653)
- An unspecified flaw exists in the OpenSSL Encryption component that allows an unauthenticated, remote attacker to cause a denial of service condition.
(CVE-2017-3731)
- An unspecified flaw exists in the Stored Procedure component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10284)
- An unspecified flaw exists in the InnoDB component that allows an authenticated, remote attacker to cause a denial of service condition or to modify the contents of the MySQL database. (CVE-2017-10365)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 101821 | | published | 2017-07-19 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=101821 | | title | MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (July 2017 CPU) (October 2017 CPU) |
| NASL family | Databases | | NASL id | MYSQL_5_7_19_RPM.NASL | | description | The version of MySQL running on the remote host is 5.7.x prior to 5.7.19. It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the UDF component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3529)
- An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633)
- Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3643, CVE-2017-3644, CVE-2017-10296)
- An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635)
- An unspecified flaw exists in the X Plugin component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3637)
- Multiple unspecified flaws exist in the Optimizer component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3638, CVE-2017-3642, CVE-2017-3645, CVE-2017-10279)
- Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649)
- An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648)
- An unspecified flaw exists in the C API component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3650)
- An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651)
- Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653)
- An unspecified flaw exists in the OpenSSL Encryption component that allows an unauthenticated, remote attacker to cause a denial of service condition.
(CVE-2017-3731)
- An unspecified flaw exists in the Stored Procedure component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10284)
- An unspecified flaw exists in the InnoDB component that allows an authenticated, remote attacker to cause a denial of service condition or to modify the contents of the MySQL database. (CVE-2017-10365)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 101979 | | published | 2017-07-26 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=101979 | | title | MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU) |
|
