Debian update for mysql-connector-java
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-3523 |
| CWE-ID | CWE-502 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Debian Linux Operating systems & Components / Operating system |
| Vendor | Debian |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Remote code execution
EUVDB-ID: #VU11092
Risk: High
CVSSv3.1: 7.4 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3523
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to unexpected automatic deserialisation of Java objects. The remote attacker can execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected package to version: 5.1.41-1~deb8u1, 5.1.41-1, 5.1.41-1
Vulnerable software versionsDebian Linux: All versions
External linkshttp://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
