|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-03-26 | |
| Rule Name: | Oracle MySQL Database IN and CASE NULL Argument Denial of Service Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A Denial of Service vulnerability exists in Oracle MySQL database server. The vulnerability is due to an error while handling IN or CASE functions when NULL arguments are passed to the functions either by the WITH ROLLUP modifier or explicitly. Remote authenticated attackers can exploit this vulnerability by sending malicious command packets to the server. Successful exploitation would cause the target server to terminate, denying service to all users until the server is restarted. | |
| Impact: | An attacker can launch a denial of service attack by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. |