Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:77F795D40C0F3BC24E1957AD0DAB52C5
HistoryDec 22, 2005 - 12:00 a.m.

MySQL MaxDB WebTools special character buffer overflow

2005-12-2200:00:00
SAINT Corporation
my.saintcorporation.com
15

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.923 High

EPSS

Percentile

99.0%

JSON

Added: 12/22/2005
CVE: CVE-2005-0684
BID: 13368
OSVDB: 15816

Background

MaxDB is a SAP-certified open-source database developed by MySQL. The WebTools component offers a set of database tools which are accessible from a web browser. The wahttp program listens on port 9999 and processes HTTP requests.

Problem

A buffer overflow in the handling of long variable names allows remote command execution by requesting a long, specially crafted URI containing a percent character.

Resolution

Upgrade to a fixed version of MaxDB.

References

[http://www.idefense.com/intelligence/vulnerabilities/display.php?id=234&amp;type=vulnerabilities ](<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=234&type=vulnerabilities
>)

Limitations

Exploit works on MaxDB 7.5.00.24.

Platforms

Windows
Red Hat / CentOS / Linux

Related

saint 3
ubuntucve 1
securityvulns 2
cvelist 1
cve 1
checkpoint_advisories 1
packetstorm 1
nvd 1
saint
saint
MySQL MaxDB WebTools special character buffer overflow
2005-12-22 00:00:00
MySQL MaxDB WebTools special character buffer overflow
2005-12-22 00:00:00
MySQL MaxDB WebTools special character buffer overflow
2005-12-22 00:00:00
ubuntucve
ubuntucve
CVE-2005-0684
2005-04-25 00:00:00
securityvulns
securityvulns
iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Stack Overflow Vulnerability
2005-04-27 00:00:00
iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Lock-Token Stack Overflow Vulnerability
2005-04-27 00:00:00
cvelist
cvelist
CVE-2005-0684
2005-04-26 04:00:00
cve
cve
CVE-2005-0684
2005-04-26 04:00:00
checkpoint_advisories
checkpoint_advisories
MySQL MaxDB Webtool GET Command Buffer Overflow (CVE-2005-0684)
2010-03-01 00:00:00
packetstorm
packetstorm
MaxDB WebDBM GET Buffer Overflow
2009-11-26 00:00:00
nvd
nvd
CVE-2005-0684
2005-04-25 04:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.923 High

EPSS

Percentile

99.0%

JSON
Related for SAINT:77F795D40C0F3BC24E1957AD0DAB52C5
saint3ubuntucve1securityvulns2cvelist1cve1checkpoint_advisories1packetstorm1nvd1