CVE-2007-2693

MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://bugs.mysql.com/bug.php?id=23675	Patch
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html	Patch
http://secunia.com/advisories/25301
http://www.securityfocus.com/bid/24008
http://www.securitytracker.com/id?1018071
http://www.vupen.com/english/advisories/2007/1804
https://exchange.xforce.ibmcloud.com/vulnerabilities/34349

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mysql:mysql:5.1.5:::::::*
	cpe:2.3:a:oracle:mysql:5.1.6:::::::*
	cpe:2.3:a:oracle:mysql:5.1.9:::::::*
	cpe:2.3:a:oracle:mysql:5.1.10:::::::*
	cpe:2.3:a:oracle:mysql:5.1.11:::::::*
	cpe:2.3:a:oracle:mysql:5.1.12:::::::*
	cpe:2.3:a:oracle:mysql:5.1.13:::::::*
	cpe:2.3:a:oracle:mysql:5.1.14:::::::*
	cpe:2.3:a:oracle:mysql:5.1.15:::::::*
	cpe:2.3:a:oracle:mysql:5.1.16:::::::*
	cpe:2.3:a:oracle:mysql:5.1.17:::::::*

History

No history.

Information

Published : 2007-05-16 01:19

Updated : 2019-12-17 20:06

NVD link : CVE-2007-2693

Mitre link : CVE-2007-2693

CVE.ORG link : CVE-2007-2693

JSON object : View

Products Affected

mysql

mysql

oracle

mysql

CWE

NVD-CWE-Other

{"id": "CVE-2007-2693", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-05-16T01:19:00.000", "references": [{"url": "http://bugs.mysql.com/bug.php?id=23675", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25301", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24008", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018071", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1804", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34349", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement."}, {"lang": "es", "value": "MySQL anterior a 5.1.18 permite a usuarios autenticados remotamente sin privilegios SELECT obtener informaci\u00f3n sensible desde tablas particionadas mediante una sentencia ALTER TABLE."}], "lastModified": "2019-12-17T20:06:14.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35BED939-3366-4CBF-B6BF-29C0C42E97F7"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88FEEE64-899F-4F55-B829-641706E29E32"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EB2323C-EFE2-407A-9AE9-8717FA9F8625"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6341F695-6034-4CC1-9485-ACD3A0E1A079"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1DF5F19-ECD9-457F-89C6-6F0271CF4766"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "446DB5E9-EF4C-4A53-911E-91A802AECA5D"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5829BE6A-BC58-482B-9DA1-04FDD413A7A9"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C85D20DF-702B-4F0B-922D-782474A4B663"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73A09785-3CA4-4797-A836-A958DCDC322F"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4DE3D79-0966-4E14-9288-7C269A2CEEC3"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "564F6A24-BEB3-4420-A633-8AD54C292436"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not vulnerable. These issues did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2007-06-14T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}