CVE-2004-0835
published 2004-11-03
Priority P338 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 22.35% (97.4th percentile)
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| mysql | mysql | 4.1.0 – 4.1.2 | — |
| mysql | mysql | 5.0.0 – 5.0.1 | — |
| oracle | mysql | < 3.23.59 | 3.23.59 |
| oracle | mysql | >= 4.0.0 < 4.0.19 | 4.0.19 |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 HIGH
GHSA
GHSA-75ph-gf88-2722: MySQL 3
ghsa_unreviewed·2022-04-29
CVE-2004-0835 [HIGH] GHSA-75ph-gf88-2722: MySQL 3
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
Red Hat
security flaw
vendor_redhat·2004-03-23·CVSS 7.5
CVE-2004-0835 [HIGH] security flaw
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
No detection rules found.
http://bugs.mysql.com/bug.php?id=3270
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892
http://lists.mysql.com/internals/13073
http://secunia.com/advisories/12783/
http://securitytracker.com/id?1011606
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
http://www.ciac.org/ciac/bulletins/p-018.shtml
http://www.debian.org/security/2004/dsa-562
http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml
http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html
http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html
http://www.redhat.com/support/errata/RHSA-2004-597.html
http://www.redhat.com/support/errata/RHSA-2004-611.html
http://www.securityfocus.com/bid/11357
http://www.trustix.org/errata/2004/0054/
https://exchange.xforce.ibmcloud.com/vulnerabilities/17666
Published 2004-11-03