Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2008-4456
Last Modified 22 Jan 2013 11:03:26
Published 06 Oct 2008 07:25:50
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-4456

Summary

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

Vulnerable Systems

Application

  • MySQL 5.0.26
  • MySQL 5.0.27
  • MySQL 5.0.30
  • MySQL 5.0.32
  • MySQL 5.0.33
  • MySQL 5.0.36
  • MySQL 5.0.37
  • MySQL 5.0.38
  • MySQL 5.0.4
  • MySQL 5.0.41
  • MySQL 5.0.42
  • MySQL 5.0.44
  • MySQL 5.0.45
  • MySQL 5.0.67

References

XF - mysql-commandline-xss(45590)

BID - 31486

BUGTRAQ - 20081029 Re: MySQL command-line client HTML injection vulnerability

BUGTRAQ - 20081008 Re: MySQL command-line client HTML injection vulnerability

BUGTRAQ - 20080930 RE: MySQL command-line client HTML injection vulnerability

BUGTRAQ - 20080930 MySQL command-line client HTML injection vulnerability

REDHAT - RHSA-2010:0110

MANDRIVA - MDVSA-2009:094

MISC - http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability

DEBIAN - DSA-1783

UBUNTU - USN-897-1

CONFIRM - http://support.apple.com/kb/HT4077

SREASON - 4357

SECUNIA - 38517

SECUNIA - 34907

SECUNIA - 32072

BUGTRAQ - 20081004 RE: RE: MySQL command-line client HTML injection vulnerability

APPLE - APPLE-SA-2010-03-29-1

CONFIRM - http://bugs.mysql.com/bug.php?id=27884

REDHAT - RHSA-2009:1289

SECUNIA - 36566


Last Updated: 27 May 2016 10:51:50