tag:blogger.com,1999:blog-1135944569112521190.post5303580068531410409..comments2024-01-15T10:49:43.556+01:00Comments on Daniël's Database Blog: MySQL in Oracle Critical Patch Update Advisory January 2014Daniël van Eedenhttp://www.blogger.com/profile/14757324605223498151noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-1135944569112521190.post-5400571410058559022014-01-15T11:51:39.320+01:002014-01-15T11:51:39.320+01:00Just to point out the note on the MEM CVSS score t...Just to point out the note on the MEM CVSS score too:<br /><br />The following CVEs are fixed as a result of upgrading to Struts 2.3.15.3: CVE-2013-4316 and CVE-2013-4310. The CVSS score is taken from http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316. The CVSS score is 10.0 if MySQL Enterprise Monitor runs with admin or root privileges. The score would be 7.5 if MySQL Enterprise Monitor runs with non-admin privileges and the impact on Confidentiality, Integrity and Availability would be Partial+.<br /><br />As of MEM 3.0, we install and run as a "tomcat" user by default rather than root, so the score is effectively 7.5, but can be made 10 by the user if they force the install as root.Mark Leithhttps://www.blogger.com/profile/07526409233197705882noreply@blogger.com