CVE-2008-4456

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-4456
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

2.6 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://bugs.mysql.com/bug.php?id=27884 Exploit
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://seclists.org/bugtraq/2008/Oct/0026.html
http://secunia.com/advisories/32072 Vendor Advisory
http://secunia.com/advisories/34907 Vendor Advisory
http://secunia.com/advisories/36566
http://secunia.com/advisories/38517 Vendor Advisory
http://securityreason.com/securityalert/4357
http://support.apple.com/kb/HT4077
http://ubuntu.com/usn/usn-897-1
http://www.debian.org/security/2009/dsa-1783
http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.redhat.com/support/errata/RHSA-2009-1289.html
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://www.securityfocus.com/archive/1/496842/100/0/threaded
http://www.securityfocus.com/archive/1/496877/100/0/threaded
http://www.securityfocus.com/archive/1/497158/100/0/threaded
http://www.securityfocus.com/archive/1/497885/100/0/threaded
http://www.securityfocus.com/bid/31486
http://www.ubuntu.com/usn/USN-1397-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/45590
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11456
http://bugs.mysql.com/bug.php?id=27884 Exploit
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://seclists.org/bugtraq/2008/Oct/0026.html
http://secunia.com/advisories/32072 Vendor Advisory
http://secunia.com/advisories/34907 Vendor Advisory
http://secunia.com/advisories/36566
http://secunia.com/advisories/38517 Vendor Advisory
http://securityreason.com/securityalert/4357
http://support.apple.com/kb/HT4077
http://ubuntu.com/usn/usn-897-1
http://www.debian.org/security/2009/dsa-1783
http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.redhat.com/support/errata/RHSA-2009-1289.html
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://www.securityfocus.com/archive/1/496842/100/0/threaded
http://www.securityfocus.com/archive/1/496877/100/0/threaded
http://www.securityfocus.com/archive/1/497158/100/0/threaded
http://www.securityfocus.com/archive/1/497885/100/0/threaded
http://www.securityfocus.com/bid/31486
http://www.ubuntu.com/usn/USN-1397-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/45590
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11456
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.67:*:*:*:*:*:*:*
History

21 Nov 2024, 00:51

Type Values Removed Values Added
References () http://bugs.mysql.com/bug.php?id=27884 - Exploit () http://bugs.mysql.com/bug.php?id=27884 - Exploit
References () http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html - () http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html -
References () http://seclists.org/bugtraq/2008/Oct/0026.html - () http://seclists.org/bugtraq/2008/Oct/0026.html -
References () http://secunia.com/advisories/32072 - Vendor Advisory () http://secunia.com/advisories/32072 - Vendor Advisory
References () http://secunia.com/advisories/34907 - Vendor Advisory () http://secunia.com/advisories/34907 - Vendor Advisory
References () http://secunia.com/advisories/36566 - () http://secunia.com/advisories/36566 -
References () http://secunia.com/advisories/38517 - Vendor Advisory () http://secunia.com/advisories/38517 - Vendor Advisory
References () http://securityreason.com/securityalert/4357 - () http://securityreason.com/securityalert/4357 -
References () http://support.apple.com/kb/HT4077 - () http://support.apple.com/kb/HT4077 -
References () http://ubuntu.com/usn/usn-897-1 - () http://ubuntu.com/usn/usn-897-1 -
References () http://www.debian.org/security/2009/dsa-1783 - () http://www.debian.org/security/2009/dsa-1783 -
References () http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability - () http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 - () http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 -
References () http://www.redhat.com/support/errata/RHSA-2009-1289.html - () http://www.redhat.com/support/errata/RHSA-2009-1289.html -
References () http://www.redhat.com/support/errata/RHSA-2010-0110.html - () http://www.redhat.com/support/errata/RHSA-2010-0110.html -
References () http://www.securityfocus.com/archive/1/496842/100/0/threaded - () http://www.securityfocus.com/archive/1/496842/100/0/threaded -
References () http://www.securityfocus.com/archive/1/496877/100/0/threaded - () http://www.securityfocus.com/archive/1/496877/100/0/threaded -
References () http://www.securityfocus.com/archive/1/497158/100/0/threaded - () http://www.securityfocus.com/archive/1/497158/100/0/threaded -
References () http://www.securityfocus.com/archive/1/497885/100/0/threaded - () http://www.securityfocus.com/archive/1/497885/100/0/threaded -
References () http://www.securityfocus.com/bid/31486 - () http://www.securityfocus.com/bid/31486 -
References () http://www.ubuntu.com/usn/USN-1397-1 - () http://www.ubuntu.com/usn/USN-1397-1 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/45590 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/45590 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11456 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11456 -
Information

Published : 2008-10-06 23:25

Updated : 2024-11-21 00:51

NVD link : CVE-2008-4456

Mitre link : CVE-2008-4456

CVE.ORG link : CVE-2008-4456

JSON object : View

Products Affected

mysql

  • mysql

oracle

  • mysql
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024