NVD

Vulnerability Change Records for CVE-2015-3144

Change History

Modified Analysis by NIST 11/05/2015 1:45:45 PM

Action

Type

Old Value

New Value

Changed

CPE Configuration

Configuration 1
     OR
          *cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
          *cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*

Configuration 1
     OR
          *cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
          *cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*
          *cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*
Configuration 4
     OR
          *cpe:2.3:a:oracle:mysql_enterprise_monitor:2.3.20:*:*:*:*:*:*:* (and previous)
          *cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.22:*:*:*:*:*:*:* (and previous)

Changed

CVSS V2

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Added

Evaluator Description

The previous CVSS assessment 7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) was provided at the time of initial analysis based on the best available published information at that time.  The score has been updated to reflect the impact to Oracle products per <a href=http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html> Oracle Critical Patch Update Advisory - October 2015 </a>. Other products listed as vulnerable may or may not be similarly impacted.

Also Per <a href=http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html> Oracle Critical Patch Update Advisory - October 2015 </a> -
This fix also addresses CVE-2014-3707, CVE-2014-8150, CVE-2015-3153 and CVE-2015-3236. The CVSS score is 9.0 if MySQL Enterprise Monitor runs with admin or root privileges. The score would be 6.5 if MySQL Enterprise Monitor runs with non-admin privileges and the impact on Confidentiality, Integrity and Availability would be Partial+. The Sub-Component for version 3.0.x is 'Proxy/Aggregator'.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Vulnerability Change Records for CVE-2015-3144

Change History

Modified Analysis by NIST 11/05/2015 1:45:45 PM