Oracle MySQL Enterprise Monitor DOS (July 2022 CPU)
Discription
The version of MySQL Enterprise Monitor installed on the remote host are affected by a denial of service as referenced in the July 2022 CPU advisory, via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More
References
Back to Main