CVE-2007-3781

New release of MySQL fixes security bugs

Severity Score

4.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.

MySQL Community Server anterior al 5.0.45 no requiere privilegios como el SELECT para la tabla de origen en la sentencia CREATE TABLE LIKE, lo que permite a usuarios remotos autenticados la obtención de información sensible como la estructura de la tabla.

*Credits: N/A

CVSS Scores

NISTv2 4.0

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-07-15 CVE Reserved
2007-07-15 CVE Published
2024-08-07 CVE Updated
2024-09-09 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (27)

URL	Tag	Source
http://bugs.mysql.com/bug.php?id=25578	X_refsource_misc
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html	X_refsource_confirm
http://lists.mysql.com/announce/470	Mailing List
http://osvdb.org/37783	Vdb Entry
http://secunia.com/advisories/25301	Third Party Advisory
http://secunia.com/advisories/26073	Third Party Advisory
http://secunia.com/advisories/26430	Third Party Advisory
http://secunia.com/advisories/26498	Third Party Advisory
http://secunia.com/advisories/26987	Third Party Advisory
http://secunia.com/advisories/28040	Third Party Advisory
http://secunia.com/advisories/28108	Third Party Advisory
http://secunia.com/advisories/28128	Third Party Advisory
http://secunia.com/advisories/28343	Third Party Advisory
http://secunia.com/advisories/30351	Third Party Advisory
http://www.securityfocus.com/archive/1/473874/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/25017	Vdb Entry
https://issues.rpath.com/browse/RPL-1536	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://security.gentoo.org/glsa/glsa-200708-10.xml	2018-10-15
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959	2018-10-15
http://www.debian.org/security/2008/dsa-1451	2018-10-15
http://www.mandriva.com/security/advisories?name=MDKSA-2007:243	2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-0894.html	2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0364.html	2018-10-15
https://usn.ubuntu.com/559-1	2018-10-15
https://access.redhat.com/security/cve/CVE-2007-3781	2008-05-20
https://bugzilla.redhat.com/show_bug.cgi?id=248553	2008-05-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mysql Search vendor "Mysql"		Community Server Search vendor "Mysql" for product "Community Server"				5.0.41 Search vendor "Mysql" for product "Community Server" and version "5.0.41"		-		Affected
Mysql Search vendor "Mysql"		Community Server Search vendor "Mysql" for product "Community Server"				5.0.44 Search vendor "Mysql" for product "Community Server" and version "5.0.44"		-		Affected