CVE-2015-4870

Oracle MySQL Server <5.5.45-5.6.26 - DoS

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-4870. PoCs published by Osanda Malith Jayathissa, OsandaMalith.

AI-analyzed exploit summary: This exploit targets a DoS vulnerability in MySQL's PROCEDURE ANALYSE function (CVE-2015-4870) by sending a malformed SQL query via HTTP requests. It uses multiple threads to amplify the attack, causing resource exhaustion.

Description

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.

Exploits (2)

exploitdb WORKING POC
by Osanda Malith Jayathissa · python · dos · multiple
https://www.exploit-db.com/exploits/39867

This exploit targets a DoS vulnerability in MySQL's PROCEDURE ANALYSE function (CVE-2015-4870) by sending a malformed SQL query via HTTP requests. It uses multiple threads to amplify the attack, causing resource exhaustion.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: MySQL up to 5.5.45
No auth needed
Prerequisites: A vulnerable MySQL server accessible via HTTP request
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 3 stars
by OsandaMalith · poc
https://github.com/OsandaMalith/CVE-2015-4870

This PoC exploits CVE-2015-4870, a DoS vulnerability in MySQL's PROCEDURE ANALYSE function. It sends a malformed SQL query via HTTP to trigger excessive resource consumption, causing a denial of service.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: MySQL up to 5.5.45
No auth needed
Prerequisites: A vulnerable MySQL server accessible via HTTP with a PHP endpoint
devstral-2 · analyzed Feb 16, 2026

References (20)

Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/77208
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1481.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033894
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:1132
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0534.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2781-1
Third Party Advisory vendor-advisory x_refsource_suse
https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1480.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3385
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3377
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0705.html
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39867/
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html

Scores

EPSS 0.2943
EPSS Percentile 97.9%

Details

Status published
Products (31)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.04
canonical/ubuntu_linux 15.10
debian/debian_linux 7.0
debian/debian_linux 8.0
fedoraproject/fedora 23
mariadb/mariadb 5.5.0 - 5.5.46
opensuse/leap 42.1
opensuse/opensuse 13.1
... and 21 more
Published Oct 21, 2015
Tracked Since Feb 18, 2026