ByteOS Network

Vulnerability Details :

CVE-2007-3781

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-15 Jul, 2007 | 22:00

Updated At-07 Aug, 2024 | 14:28

MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:15 Jul, 2007 | 22:00

Updated At:07 Aug, 2024 | 14:28

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://bugs.mysql.com/bug.php?id=25578	x_refsource_MISC
http://secunia.com/advisories/28343	third-party-advisory x_refsource_SECUNIA
http://osvdb.org/37783	vdb-entry x_refsource_OSVDB
http://www.redhat.com/support/errata/RHSA-2007-0894.html	vendor-advisory x_refsource_REDHAT
http://secunia.com/advisories/26073	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/26498	third-party-advisory x_refsource_SECUNIA
http://lists.mysql.com/announce/470	mailing-list x_refsource_MLIST
http://www.debian.org/security/2008/dsa-1451	vendor-advisory x_refsource_DEBIAN
http://www.securityfocus.com/bid/25017	vdb-entry x_refsource_BID
https://usn.ubuntu.com/559-1/	vendor-advisory x_refsource_UBUNTU
http://www.securityfocus.com/archive/1/473874/100/0/threaded	mailing-list x_refsource_BUGTRAQ
http://security.gentoo.org/glsa/glsa-200708-10.xml	vendor-advisory x_refsource_GENTOO
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959	vendor-advisory x_refsource_SLACKWARE
http://secunia.com/advisories/26987	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25301	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/28040	third-party-advisory x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1536	x_refsource_CONFIRM
http://secunia.com/advisories/30351	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/28108	third-party-advisory x_refsource_SECUNIA
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html	x_refsource_CONFIRM
http://secunia.com/advisories/26430	third-party-advisory x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195	vdb-entry signature x_refsource_OVAL
http://secunia.com/advisories/28128	third-party-advisory x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2007:243	vendor-advisory x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2008-0364.html	vendor-advisory x_refsource_REDHAT

Hyperlink: http://bugs.mysql.com/bug.php?id=25578

Resource:

x_refsource_MISC

Hyperlink: http://secunia.com/advisories/28343

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://osvdb.org/37783

Resource:

vdb-entry

x_refsource_OSVDB

Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0894.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://secunia.com/advisories/26073

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/26498

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://lists.mysql.com/announce/470

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://www.debian.org/security/2008/dsa-1451

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://www.securityfocus.com/bid/25017

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://usn.ubuntu.com/559-1/

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://www.securityfocus.com/archive/1/473874/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://security.gentoo.org/glsa/glsa-200708-10.xml

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959

Resource:

vendor-advisory

x_refsource_SLACKWARE

Hyperlink: http://secunia.com/advisories/26987

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/25301

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/28040

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://issues.rpath.com/browse/RPL-1536

Resource:

x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/30351

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/28108

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html

Resource:

x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/26430

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195

Resource:

vdb-entry

signature

x_refsource_OVAL

Hyperlink: http://secunia.com/advisories/28128

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:243

Resource:

vendor-advisory

x_refsource_MANDRIVA

Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0364.html

Resource:

vendor-advisory

x_refsource_REDHAT

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://bugs.mysql.com/bug.php?id=25578	x_refsource_MISC x_transferred
http://secunia.com/advisories/28343	third-party-advisory x_refsource_SECUNIA x_transferred
http://osvdb.org/37783	vdb-entry x_refsource_OSVDB x_transferred
http://www.redhat.com/support/errata/RHSA-2007-0894.html	vendor-advisory x_refsource_REDHAT x_transferred
http://secunia.com/advisories/26073	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/26498	third-party-advisory x_refsource_SECUNIA x_transferred
http://lists.mysql.com/announce/470	mailing-list x_refsource_MLIST x_transferred
http://www.debian.org/security/2008/dsa-1451	vendor-advisory x_refsource_DEBIAN x_transferred
http://www.securityfocus.com/bid/25017	vdb-entry x_refsource_BID x_transferred
https://usn.ubuntu.com/559-1/	vendor-advisory x_refsource_UBUNTU x_transferred
http://www.securityfocus.com/archive/1/473874/100/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
http://security.gentoo.org/glsa/glsa-200708-10.xml	vendor-advisory x_refsource_GENTOO x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959	vendor-advisory x_refsource_SLACKWARE x_transferred
http://secunia.com/advisories/26987	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/25301	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/28040	third-party-advisory x_refsource_SECUNIA x_transferred
https://issues.rpath.com/browse/RPL-1536	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/30351	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/28108	third-party-advisory x_refsource_SECUNIA x_transferred
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/26430	third-party-advisory x_refsource_SECUNIA x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195	vdb-entry signature x_refsource_OVAL x_transferred
http://secunia.com/advisories/28128	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2007:243	vendor-advisory x_refsource_MANDRIVA x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0364.html	vendor-advisory x_refsource_REDHAT x_transferred

Hyperlink: http://bugs.mysql.com/bug.php?id=25578

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://secunia.com/advisories/28343

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://osvdb.org/37783

Resource:

vdb-entry

x_refsource_OSVDB

x_transferred

Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0894.html

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: http://secunia.com/advisories/26073

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://secunia.com/advisories/26498

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://lists.mysql.com/announce/470

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://www.debian.org/security/2008/dsa-1451

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: http://www.securityfocus.com/bid/25017

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://usn.ubuntu.com/559-1/

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/473874/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: http://security.gentoo.org/glsa/glsa-200708-10.xml

Resource:

vendor-advisory

x_refsource_GENTOO

x_transferred

Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959

Resource:

vendor-advisory

x_refsource_SLACKWARE

x_transferred

Hyperlink: http://secunia.com/advisories/26987

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://secunia.com/advisories/25301

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://secunia.com/advisories/28040

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: https://issues.rpath.com/browse/RPL-1536

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://secunia.com/advisories/30351

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://secunia.com/advisories/28108

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://secunia.com/advisories/26430

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195

Resource:

vdb-entry

signature

x_refsource_OVAL

x_transferred

Hyperlink: http://secunia.com/advisories/28128

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:243

Resource:

vendor-advisory

x_refsource_MANDRIVA

x_transferred

Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0364.html

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:15 Jul, 2007 | 22:30

Updated At:15 Oct, 2018 | 21:30

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:P/I:N/A:N

CPE Matches

mysql>>community_server>>5.0.41

cpe:2.3:a:mysql:community_server:5.0.41:*:*:*:*:*:*:*

mysql>>community_server>>5.0.44

cpe:2.3:a:mysql:community_server:5.0.44:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

Vendor Statements

Organization : Red Hat

Last Modified : 2007-07-17T00:00:00

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248553 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.

References

Hyperlink	Source	Resource
http://bugs.mysql.com/bug.php?id=25578	cve@mitre.org	N/A
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html	cve@mitre.org	N/A
http://lists.mysql.com/announce/470	cve@mitre.org	N/A
http://osvdb.org/37783	cve@mitre.org	N/A
http://secunia.com/advisories/25301	cve@mitre.org	N/A
http://secunia.com/advisories/26073	cve@mitre.org	N/A
http://secunia.com/advisories/26430	cve@mitre.org	N/A
http://secunia.com/advisories/26498	cve@mitre.org	N/A
http://secunia.com/advisories/26987	cve@mitre.org	N/A
http://secunia.com/advisories/28040	cve@mitre.org	N/A
http://secunia.com/advisories/28108	cve@mitre.org	N/A
http://secunia.com/advisories/28128	cve@mitre.org	N/A
http://secunia.com/advisories/28343	cve@mitre.org	N/A
http://secunia.com/advisories/30351	cve@mitre.org	N/A
http://security.gentoo.org/glsa/glsa-200708-10.xml	cve@mitre.org	N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959	cve@mitre.org	N/A
http://www.debian.org/security/2008/dsa-1451	cve@mitre.org	N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2007:243	cve@mitre.org	N/A
http://www.redhat.com/support/errata/RHSA-2007-0894.html	cve@mitre.org	N/A
http://www.redhat.com/support/errata/RHSA-2008-0364.html	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/473874/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/25017	cve@mitre.org	N/A
https://issues.rpath.com/browse/RPL-1536	cve@mitre.org	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195	cve@mitre.org	N/A
https://usn.ubuntu.com/559-1/	cve@mitre.org	N/A

Hyperlink: http://bugs.mysql.com/bug.php?id=25578

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://lists.mysql.com/announce/470

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://osvdb.org/37783

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/25301

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/26073

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/26430

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/26498

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/26987

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/28040

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/28108

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/28128

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/28343

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/30351

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://security.gentoo.org/glsa/glsa-200708-10.xml

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.debian.org/security/2008/dsa-1451

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:243

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0894.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0364.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/archive/1/473874/100/0/threaded

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/25017

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://issues.rpath.com/browse/RPL-1536

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://usn.ubuntu.com/559-1/

Source: cve@mitre.org

Resource: N/A

Similar CVEs

2Records found

CVE-2012-0484

Matching Score-8

Assigner-Oracle

View Details

Matching Score-8

Assigner-Oracle

CVSS Score-4||MEDIUM

EPSS-0.32% / 54.38%

7 Day CHG~0.00%

Published-18 Jan, 2012 | 22:00

Updated-11 Apr, 2025 | 00:51

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.

Vendor-mysql n/a Oracle Corporation

Product-mysql n/a

CVE-2017-12419

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-4.9||MEDIUM

EPSS-0.95% / 75.39%

7 Day CHG~0.00%

Published-05 Aug, 2017 | 15:00

Updated-20 Apr, 2025 | 01:37

If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server.

Vendor-mysql n/a Mantis Bug Tracker (MantisBT)MariaDB Foundation

Product-mariadb mantisbt mysql n/a

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CVE-2007-3781

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs