Buffer Overflow Vulnerabilities in MySQL MaxDB Web Tool by MySQL
CVE-2005-0684

Currently unrated

Key Information:

Vendor: Mysql
Status: Maxdb
Vendor: CVE Published:; 25 April 2005

What is CVE-2005-0684?

The MySQL MaxDB web tool prior to version 7.5.00.26 is susceptible to multiple buffer overflow vulnerabilities. A remote attacker can exploit these flaws by sending an HTTP GET request that includes a specially crafted long file parameter following a percent ('%') sign. Alternatively, a long Lock-Token string can be delivered through the WebDAV functionality, which the getLockTokenHeader function fails to process correctly. These vulnerabilities enable attackers to execute arbitrary code on the affected server, posing significant risks to data integrity and application security.

References

http://www.idefense.com/application/poi/display?id=234&ty...

third-party-advisoryx_refsource_IDEFENSE

http://www.securityfocus.com/bid/13368

vdb-entryx_refsource_BID

http://dev.mysql.com/doc/maxdb/changes/changes_7.5.00.26....

x_refsource_CONFIRM

EPSS Score

73% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 25, 2005
Vulnerability Reserved
Mar 8, 2005

Mysql

What is CVE-2005-0684?

References

EPSS Score

Timeline