Vulnerability Details : CVE-2007-5970
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
Products affected by CVE-2007-5970
- cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:6.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-5970
0.26%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 66 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-5970
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST |
Vendor statements for CVE-2007-5970
-
Red Hat 2008-01-09Not vulnerable. This issue did not affect the mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack v1, and v2, as the versions shipped do not support table partitioning. The partitioning feature was introduced in development MySQL version 5.1.
References for CVE-2007-5970
Jump to