Vulnerability Description
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mysql | Community Server | 5.0.41 |
References
- http://bugs.mysql.com/bug.php?id=25578
- http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html
- http://lists.mysql.com/announce/470
- http://osvdb.org/37783
- http://secunia.com/advisories/25301
- http://secunia.com/advisories/26073
- http://secunia.com/advisories/26430
- http://secunia.com/advisories/26498
- http://secunia.com/advisories/26987
- http://secunia.com/advisories/28040
- http://secunia.com/advisories/28108
- http://secunia.com/advisories/28128
- http://secunia.com/advisories/28343
- http://secunia.com/advisories/30351
- http://security.gentoo.org/glsa/glsa-200708-10.xml
FAQ
What is CVE-2007-3781?
CVE-2007-3781 is a vulnerability with a CVSS score of 4.0 (MEDIUM). MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive infor...
How severe is CVE-2007-3781?
CVE-2007-3781 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3781?
Check the references section above for vendor advisories and patch information. Affected products include: Mysql Community Server.