{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50935?format=json","vulnerability_id":"VCID-y4mm-ffe6-jkhp","summary":"Multiple vulnerabilities have been found in MySQL, allowing\n    attackers to execute arbitrary code or cause Denial of Service.","aliases":[{"alias":"CVE-2012-2122"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79019?format=json","purl":"pkg:ebuild/dev-db/mysql@5.1.70","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/mysql@5.1.70"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/125705?format=json","purl":"pkg:rpm/redhat/mysql@5.1.66-1?arch=el6_3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2pdc-j83s-h7hh"},{"vulnerability":"VCID-2vb6-exwh-sybh"},{"vulnerability":"VCID-6fhd-9qpt-tfae"},{"vulnerability":"VCID-6wgd-zetu-myef"},{"vulnerability":"VCID-7w4n-33x1-tqcq"},{"vulnerability":"VCID-96an-9mvp-3kat"},{"vulnerability":"VCID-9te6-rj9t-3fgb"},{"vulnerability":"VCID-h2g4-xr4z-ryh1"},{"vulnerability":"VCID-hz26-3f11-efbh"},{"vulnerability":"VCID-jwr1-6v3s-v3ff"},{"vulnerability":"VCID-mwch-ragz-pycf"},{"vulnerability":"VCID-pvbw-e9jc-wuam"},{"vulnerability":"VCID-s5u4-c3yc-nqgd"},{"vulnerability":"VCID-s9t5-5q6j-hqd9"},{"vulnerability":"VCID-w3av-8ree-5bhp"},{"vulnerability":"VCID-wtwz-tx65-9yag"},{"vulnerability":"VCID-y4mm-ffe6-jkhp"},{"vulnerability":"VCID-yt8v-vgf9-ykgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mysql@5.1.66-1%3Farch=el6_3"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2122.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2122.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2122","reference_id":"","reference_type":"","scores":[{"value":"0.93918","scoring_system":"epss","scoring_elements":"0.99878","published_at":"2026-04-11T12:55:00Z"},{"value":"0.93918","scoring_system":"epss","scoring_elements":"0.99879","published_at":"2026-04-24T12:55:00Z"},{"value":"0.93918","scoring_system":"epss","scoring_elements":"0.9988","published_at":"2026-04-26T12:55:00Z"},{"value":"0.94058","scoring_system":"epss","scoring_elements":"0.99901","published_at":"2026-04-02T12:55:00Z"},{"value":"0.94058","scoring_system":"epss","scoring_elements":"0.99904","published_at":"2026-05-11T12:55:00Z"},{"value":"0.94058","scoring_system":"epss","scoring_elements":"0.99905","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2122"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=814605","reference_id":"814605","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=814605"},{"reference_url":"https://security.gentoo.org/glsa/201308-06","reference_id":"GLSA-201308-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-06"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/19092.py","reference_id":"OSVDB-82804;CVE-2012-2122","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/19092.py"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1462","reference_id":"RHSA-2012:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1462"},{"reference_url":"https://usn.ubuntu.com/1467-1/","reference_id":"USN-1467-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1467-1/"}],"weaknesses":[{"cwe_id":704,"name":"Incorrect Type Conversion or Cast","description":"The product does not correctly convert an object, resource, or structure from one type to a different type."},{"cwe_id":393,"name":"Return of Wrong Status Code","description":"A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify its behavior based on the incorrect result."},{"cwe_id":305,"name":"Authentication Bypass by Primary Weakness","description":"The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error."}],"exploits":[{"date_added":null,"description":"This module exploits a password bypass vulnerability in MySQL in order\n        to extract the usernames and encrypted password hashes from a MySQL server.\n        These hashes are stored as loot for later cracking.\n\n        Impacts MySQL versions:\n        - 5.1.x before 5.1.63\n        - 5.5.x before 5.5.24\n        - 5.6.x before 5.6.6\n\n        And MariaDB versions:\n        - 5.1.x before 5.1.62\n        - 5.2.x before 5.2.12\n        - 5.3.x before 5.3.6\n        - 5.5.x before 5.5.23","required_action":null,"due_date":null,"notes":"{}\n","known_ransomware_campaign_use":false,"source_date_published":"2012-06-09","exploit_type":null,"platform":"","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb"},{"date_added":"2012-06-12","description":"MySQL - Authentication Bypass","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2012-06-12","exploit_type":"remote","platform":"multiple","source_date_updated":"2016-12-05","data_source":"Exploit-DB","source_url":""}],"severity_range_score":null,"exploitability":"2.0","weighted_severity":"0.8","risk_score":1.6,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y4mm-ffe6-jkhp"}