Lucene search

[email protected]CVE-2007-5970

HistoryDec 10, 2007 - 7:46 p.m.

CVE-2007-5970

2007-12-1019:46:00

[email protected]

web.nvd.nist.gov

mysql

remote access

privilege escalation

data security

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.4%

JSON

MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.

Affected configurations

NVD

Node

oraclemysqlMatch5.1.1

oraclemysqlMatch5.1.2

oraclemysqlMatch5.1.10

oraclemysqlMatch5.1.11

oraclemysqlMatch5.1.12

oraclemysqlMatch5.1.13

oraclemysqlMatch5.1.14

oraclemysqlMatch5.1.15

oraclemysqlMatch5.1.16

oraclemysqlMatch5.1.17

oraclemysqlMatch6.0.0

oraclemysqlMatch6.0.1

oraclemysqlMatch6.0.2

oraclemysqlMatch6.0.3

oraclemysqlMatch6.0.4

CPENameOperatorVersion
oracle:mysqloracle mysqleq5.1.1
oracle:mysqloracle mysqleq5.1.2
oracle:mysqloracle mysqleq5.1.10
oracle:mysqloracle mysqleq5.1.11
oracle:mysqloracle mysqleq5.1.12
oracle:mysqloracle mysqleq5.1.13
oracle:mysqloracle mysqleq5.1.14
oracle:mysqloracle mysqleq5.1.15
oracle:mysqloracle mysqleq5.1.16
oracle:mysqloracle mysqleq5.1.17

CPE	Name	Operator	Version
oracle:mysql	oracle mysql	eq	5.1.1
oracle:mysql	oracle mysql	eq	5.1.2
oracle:mysql	oracle mysql	eq	5.1.10
oracle:mysql	oracle mysql	eq	5.1.11
oracle:mysql	oracle mysql	eq	5.1.12
oracle:mysql	oracle mysql	eq	5.1.13
oracle:mysql	oracle mysql	eq	5.1.14
oracle:mysql	oracle mysql	eq	5.1.15
oracle:mysql	oracle mysql	eq	5.1.16
oracle:mysql	oracle mysql	eq	5.1.17

Rows per page:

1-10 of 151

References

bugs.mysql.com/bug.php?id=32091

dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html

dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html

osvdb.org/42607

securitytracker.com/id?1019084

www.vupen.com/english/advisories/2008/0560/references

exchange.xforce.ibmcloud.com/vulnerabilities/38988

Social References

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.4%

JSON

Related for CVE-2007-5970

prion1 nvd1 ubuntucve1 cvelist1 nessus1