Layer 7 API Management

Expand all | Collapse all

Vulnerability  : CVE-2017-3599 in api gateway

  • 1.  Vulnerability  : CVE-2017-3599 in api gateway

    Posted 05-23-2019 08:26 AM

    Hi, 

     

    I am working for one customer he is facing vulnerability error in MySql. Is this vulnerability is fixed by the team. I checked the txt. file in products download and I did not find this vulnerability number in the .txt file. Can anybody help me on this. 

    Vulnerability number is : CVE-2017-3599



  • 2.  Re: Vulnerability  : CVE-2017-3599 in api gateway

    Posted 05-23-2019 08:31 PM

    Hello Venkat,

     

    As long as I checked the CVE-2017-3599 on the following Oracle web page, API Gateway 9.3 and 9.4 are NOT affected by the vulnerability.

     

    https://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

     

    CVE-2017-3599MySQL ServerServer: Pluggable AuthMySQL ProtocolYes7.5NetworkLowNoneNoneUn-
    changed
    NoneNoneHigh5.6.35 and earlier, 5.7.17 and earlier 

     

    [API Gateway 9.3]
    # rpm -q mysql-commercial-server
    mysql-commercial-server-5.7.20-1.1.el6.x86_64

     

    [API Gateway 9.4]
    # rpm -q mysql-commercial-server
    mysql-commercial-server-5.7.23-1.1.el6.x86_64

     

    Both versions are newer than the affected versions.

     

    Best regards,
    Seiji