Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-1848
HistoryMay 21, 2010 - 12:00 a.m.

CVE-2010-1848

2010-05-2100:00:00
ubuntu.com
ubuntu.com
24

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.004

Percentile

74.9%

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1
before 5.1.47 allows remote authenticated users to bypass intended table
grants to read field definitions of arbitrary tables, and on 5.1 to read or
delete content of arbitrary tables, via a … (dot dot) in a table name.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchmysql-dfsg-5.0<Β 5.0.22-0ubuntu6.06.14UNKNOWN
ubuntu8.04noarchmysql-dfsg-5.0<Β 5.0.51a-3ubuntu5.7UNKNOWN
ubuntu9.04noarchmysql-dfsg-5.0<Β 5.1.30really5.0.75-0ubuntu10.5UNKNOWN
ubuntu9.10noarchmysql-dfsg-5.1<Β 5.1.37-1ubuntu5.4UNKNOWN
ubuntu10.04noarchmysql-dfsg-5.1<Β 5.1.41-3ubuntu12.3UNKNOWN

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.004

Percentile

74.9%