CyberSec.Space Logo
Back to CVE Browser

CVE-2005-0684

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile18.46th
PublishedApr 25, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.

Affected Platforms (CPE)

πŸ“¦
Mysql

Maxdb

= 7.5.00
πŸ“¦
Mysql

Maxdb

= 7.5.00.08
πŸ“¦
Mysql

Maxdb

= 7.5.00.11
πŸ“¦
Mysql

Maxdb

= 7.5.00.12
πŸ“¦
Mysql

Maxdb

= 7.5.00.14
πŸ“¦
Mysql

Maxdb

= 7.5.00.15
πŸ“¦
Mysql

Maxdb

= 7.5.00.16
πŸ“¦
Mysql

Maxdb

= 7.5.00.18
πŸ“¦
Mysql

Maxdb

= 7.5.00.19
πŸ“¦
Mysql

Maxdb

= 7.5.00.23

References & Advisories

πŸ”— http://dev.mysql.com/doc/maxdb/changes/changes_7.5.00.26.html#WebDAV
πŸ”— http://www.idefense.com/application/poi/display?id=234&type=vulnerabilities
πŸ”— http://www.idefense.com/application/poi/display?id=235&type=vulnerabilities
πŸ”— http://www.securityfocus.com/bid/13368
πŸ”— http://dev.mysql.com/doc/maxdb/changes/changes_7.5.00.26.html#WebDAV
πŸ”— http://www.idefense.com/application/poi/display?id=234&type=vulnerabilities
πŸ”— http://www.idefense.com/application/poi/display?id=235&type=vulnerabilities
πŸ”— http://www.securityfocus.com/bid/13368

Related Vulnerabilities

CVE-2006-430510.0

Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name wh...

CVE-2005-127410.0

Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote ...

CVE-2004-116810.0

Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbit...

CVE-2008-024410.0

SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacte...