Vulnerability Description
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mysql | Maxdb | 7.5.00 |
References
- http://dev.mysql.com/doc/maxdb/changes/changes_7.5.00.26.html#WebDAVPatchVendor Advisory
- http://www.idefense.com/application/poi/display?id=234&type=vulnerabilitiesPatchVendor Advisory
- http://www.idefense.com/application/poi/display?id=235&type=vulnerabilitiesPatchVendor Advisory
- http://www.securityfocus.com/bid/13368
- http://dev.mysql.com/doc/maxdb/changes/changes_7.5.00.26.html#WebDAVPatchVendor Advisory
- http://www.idefense.com/application/poi/display?id=234&type=vulnerabilitiesPatchVendor Advisory
- http://www.idefense.com/application/poi/display?id=235&type=vulnerabilitiesPatchVendor Advisory
- http://www.securityfocus.com/bid/13368
FAQ
What is CVE-2005-0684?
CVE-2005-0684 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%"...
How severe is CVE-2005-0684?
CVE-2005-0684 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0684?
Check the references section above for vendor advisories and patch information. Affected products include: Mysql Maxdb.