ID |
CVE-2007-3781
|
Summary |
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 4.0 (as of 15-10-2018 - 21:30) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
SINGLE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
NONE |
NONE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
oval
via4
|
accepted | 2013-04-29T04:18:27.646-04:00 | class | vulnerability | contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
| definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | oval | oval:org.mitre.oval:def:11414 |
comment | The operating system installed on the system is CentOS Linux 5.x | oval | oval:org.mitre.oval:def:15802 |
comment | Oracle Linux 5.x | oval | oval:org.mitre.oval:def:15459 |
| description | MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. | family | unix | id | oval:org.mitre.oval:def:9195 | status | accepted | submitted | 2010-07-09T03:56:16-04:00 | title | MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. | version | 18 |
|
redhat
via4
|
advisories | | rpms | - mysql-0:5.0.44-1.el4s1.1
- mysql-bench-0:5.0.44-1.el4s1.1
- mysql-cluster-0:5.0.44-1.el4s1.1
- mysql-debuginfo-0:5.0.44-1.el4s1.1
- mysql-devel-0:5.0.44-1.el4s1.1
- mysql-libs-0:5.0.44-1.el4s1.1
- mysql-server-0:5.0.44-1.el4s1.1
- mysql-test-0:5.0.44-1.el4s1.1
- mysql-0:5.0.45-7.el5
- mysql-bench-0:5.0.45-7.el5
- mysql-debuginfo-0:5.0.45-7.el5
- mysql-devel-0:5.0.45-7.el5
- mysql-server-0:5.0.45-7.el5
- mysql-test-0:5.0.45-7.el5
|
|
refmap
via4
|
bid | 25017 | bugtraq | 20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | confirm | | debian | DSA-1451 | gentoo | GLSA-200708-10 | mandriva | MDKSA-2007:243 | misc | http://bugs.mysql.com/bug.php?id=25578 | mlist | [announce] 20070712 MySQL Community Server 5.0.45 has been released! | osvdb | 37783 | secunia | - 25301
- 26073
- 26430
- 26498
- 26987
- 28040
- 28108
- 28128
- 28343
- 30351
| slackware | SSA:2007-348-01 | ubuntu | USN-559-1 |
|
statements
via4
|
contributor | Mark J Cox | lastmodified | 2007-07-17 | organization | Red Hat | statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248553
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. |
|
Last major update |
15-10-2018 - 21:30 |
Published |
15-07-2007 - 22:30 |
Last modified |
15-10-2018 - 21:30 |