This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:SQL:INJ:SELECT-SUB-DOS
|
Severity |
Minor
|
Recommended |
No
|
Category |
HTTP
|
Keywords |
MySQL SELECT Subquery Denial of Service SQL Injection
|
Release Date |
2010/02/17
|
Update Number |
1613
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: MySQL SELECT Subquery Denial of Service SQL Injection
This signature detects attempts to exploit a known vulnerability against Sun MySQL Database via HTTP SQL Command Injection. A successful attack can result in a denial-of-service condition. Sun Microsystems MySQL prior to 5.0.88 and Sun Microsystems MySQL prior to 5.1.41 are affected. However, it might also be a false positive - many Web sites use variables similar in format to SQL, and some Web sites even use SQL as part of normal operations. This is considered a poor convention, as sites using raw SQL in variables can be vulnerable to SQL injection. To reduce False Positives, it is strongly recommended that these signatures only be used to inspect traffic from the Internet to your organization's Web servers that use SQL backend databases to generate content and not to inspect traffic going from your organization to the Internet.
Extended Description
MySQL is prone to multiple remote denial-of-service vulnerabilities because it fails to handle certain SQL expressions.
An attacker can exploit these issues to crash the application, denying access to legitimate users.
Versions prior to MySQL 5.0.88 and 5.1.41 are vulnerable.
Affected Products
- Apple mac_os_x_server 10.6
- Apple mac_os_x_server 10.6.1
- Apple mac_os_x_server 10.6.2
- Gentoo linux
- Mandriva corporate_server 4.0
- Mandriva corporate_server 4.0.0 X86 64
- Mandriva enterprise_server 5
- Mandriva enterprise_server 5 X86 64
- Mandriva linux_mandrake 2008.0
- Mandriva linux_mandrake 2008.0 X86 64
- Mandriva linux_mandrake 2009.0
- Mandriva linux_mandrake 2009.0 X86 64
- Mandriva linux_mandrake 2009.1
- Mandriva linux_mandrake 2009.1 X86 64
- Mandriva linux_mandrake 2010.0
- Mandriva linux_mandrake 2010.0 X86 64
- Mysql_ab mysql 5.0
- Mysql_ab mysql 5.0.0 .0-0
- Mysql_ab mysql 5.0.0 .0-Alpha
- Mysql_ab mysql 5.0.1
- Mysql_ab mysql 5.0.18
- Mysql_ab mysql 5.0.19
- Mysql_ab mysql 5.0.2
- Mysql_ab mysql 5.0.20
- Mysql_ab mysql 5.0.21
- Mysql_ab mysql 5.0.22
- Mysql_ab mysql 5.0.22 -1-0.1
- Mysql_ab mysql 5.0.24
- Mysql_ab mysql 5.0.26
- Mysql_ab mysql 5.0.27
- Mysql_ab mysql 5.0.3
- Mysql_ab mysql 5.0.32
- Mysql_ab mysql 5.0.33
- Mysql_ab mysql 5.0.36
- Mysql_ab mysql 5.0.37
- Mysql_ab mysql 5.0.38
- Mysql_ab mysql 5.0.39
- Mysql_ab mysql 5.0.4
- Mysql_ab mysql 5.0.40
- Mysql_ab mysql 5.0.42
- Mysql_ab mysql 5.0.44
- Mysql_ab mysql 5.0.45
- Mysql_ab mysql 5.0.46
- Mysql_ab mysql 5.0.47
- Mysql_ab mysql 5.0.48
- Mysql_ab mysql 5.0.49
- Mysql_ab mysql 5.0.50
- Mysql_ab mysql 5.0.51
- Mysql_ab mysql 5.0.52
- Mysql_ab mysql 5.0.60
- Mysql_ab mysql 5.0.66
- Mysql_ab mysql 5.0.75
- Mysql_ab mysql 5.1.10
- Mysql_ab mysql 5.1.11
- Mysql_ab mysql 5.1.12
- Mysql_ab mysql 5.1.13
- Mysql_ab mysql 5.1.14
- Mysql_ab mysql 5.1.15
- Mysql_ab mysql 5.1.16
- Mysql_ab mysql 5.1.17
- Mysql_ab mysql 5.1.18
- Mysql_ab mysql 5.1.22
- Mysql_ab mysql 5.1.23
- Mysql_ab mysql 5.1.26
- Mysql_ab mysql 5.1.30
- Mysql_ab mysql 5.1.31
- Mysql_ab mysql 5.1.32
- Mysql_ab mysql 5.1.33
- Mysql_ab mysql 5.1.34
- Mysql_ab mysql 5.1.35
- Mysql_ab mysql 5.1.36
- Mysql_ab mysql 5.1.37
- Mysql_ab mysql 5.1.38
- Mysql_ab mysql 5.1.39
- Mysql_ab mysql 5.1.5
- Mysql_ab mysql 5.1.6
- Mysql_ab mysql 5.1.9
- Mysql_ab mysql 6.0.0
- Mysql_ab mysql 6.0.1
- Mysql_ab mysql 6.0.2
- Mysql_ab mysql 6.0.3
- Mysql_ab mysql 6.0.4
- Mysql_ab mysql 6.0.6
- Mysql_ab mysql 6.0.7
- Mysql_ab mysql 6.0.8
- Mysql_ab mysql 6.0.9
- Pardus linux_2009
- Red_hat enterprise_linux 5 Server
- Red_hat enterprise_linux_desktop 5 Client
- Red_hat enterprise_linux_desktop_workstation 5 Client
- Red_hat enterprise_linux_eus 5.4.Z Server
- Red_hat fedora 10
- Red_hat fedora 11
- Red_hat fedora 12
- Rpath appliance_platform_linux_service 1
- Rpath appliance_platform_linux_service 2
- Rpath rpath_linux 1
- Rpath rpath_linux 2
- Suse opensuse 11.0
- Suse opensuse 11.1
- Suse opensuse 11.2
- Suse suse_linux_enterprise 10 SP2
- Suse suse_linux_enterprise 10 SP3
- Suse suse_linux_enterprise 11
- Ubuntu ubuntu_linux 10.04 Amd64
- Ubuntu ubuntu_linux 10.04 ARM
- Ubuntu ubuntu_linux 10.04 I386
- Ubuntu ubuntu_linux 10.04 Powerpc
- Ubuntu ubuntu_linux 10.04 Sparc
- Ubuntu ubuntu_linux 10.10 amd64
- Ubuntu ubuntu_linux 10.10 ARM
- Ubuntu ubuntu_linux 10.10 i386
- Ubuntu ubuntu_linux 10.10 powerpc
- Ubuntu ubuntu_linux 11.04 amd64
- Ubuntu ubuntu_linux 11.04 ARM
- Ubuntu ubuntu_linux 11.04 i386
- Ubuntu ubuntu_linux 11.04 powerpc
- Ubuntu ubuntu_linux 11.10 amd64
- Ubuntu ubuntu_linux 11.10 i386
- Ubuntu ubuntu_linux 6.06 LTS Amd64
- Ubuntu ubuntu_linux 6.06 LTS I386
- Ubuntu ubuntu_linux 6.06 LTS Powerpc
- Ubuntu ubuntu_linux 6.06 LTS Sparc
- Ubuntu ubuntu_linux 8.04 LTS Amd64
- Ubuntu ubuntu_linux 8.04 LTS I386
- Ubuntu ubuntu_linux 8.04 LTS Lpia
- Ubuntu ubuntu_linux 8.04 LTS Powerpc
- Ubuntu ubuntu_linux 8.04 LTS Sparc
- Ubuntu ubuntu_linux 8.10 Amd64
- Ubuntu ubuntu_linux 8.10 I386
- Ubuntu ubuntu_linux 8.10 Lpia
- Ubuntu ubuntu_linux 8.10 Powerpc
- Ubuntu ubuntu_linux 8.10 Sparc
- Ubuntu ubuntu_linux 9.04 Amd64
- Ubuntu ubuntu_linux 9.04 I386
- Ubuntu ubuntu_linux 9.04 Lpia
- Ubuntu ubuntu_linux 9.04 Powerpc
- Ubuntu ubuntu_linux 9.04 Sparc
- Ubuntu ubuntu_linux 9.10 Amd64
- Ubuntu ubuntu_linux 9.10 I386
- Ubuntu ubuntu_linux 9.10 Lpia
- Ubuntu ubuntu_linux 9.10 Powerpc
- Ubuntu ubuntu_linux 9.10 Sparc
References