CVE-2007-2691

2007-05-1601:19:00

mitre

web.nvd.nist.gov

mysql

cve-2007-2691

security

vulnerability

nvd

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

AI Score

Confidence

Low

EPSS

0.008

Percentile

81.6%

JSON

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Affected configurations

Nvd

Node

mysqlmysqlRange≤4.1.22

mysqlmysqlRange5.0–5.0.42

mysqlmysqlRange5.1–5.1.18

Node

debiandebian_linuxMatch3.1

debiandebian_linuxMatch4.0

Node

canonicalubuntu_linuxMatch6.06lts

canonicalubuntu_linuxMatch6.10

canonicalubuntu_linuxMatch7.04

VendorProductVersionCPE
mysqlmysql*cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*
debiandebian_linux3.1cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
canonicalubuntu_linux6.10cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
canonicalubuntu_linux7.04cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mysql	mysql	*	cpe:2.3:a:mysql:mysql::::::::
debian	debian_linux	3.1	cpe:2.3:o:debian:debian_linux:3.1:::::::*
debian	debian_linux	4.0	cpe:2.3:o:debian:debian_linux:4.0:::::::*
canonical	ubuntu_linux	6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
canonical	ubuntu_linux	6.10	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
canonical	ubuntu_linux	7.04	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*