CVE-2007-2691

Advisory lineage Upstream: 0 Downstream: 4

Downstream

DSA-1413-1 RHSA-2007:0894 RHSA-2008:0364 RHSA-2008:0768

Modified

Published: 16 May 2007, 01:00

Last modified:07 Aug 2024, 13:49

Vulnerability Summary

Overall Risk (default)

low

20/100

CVSS Score

4.9 MEDIUM

v2.0 (nvd)

EPSS Score

1.34% LOW

1% probability +0.25%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 May 2007, 01:00

Published

Vulnerability first disclosed

07 Aug 2024, 13:49

Last Modified

Vulnerability information updated

Description

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

CVSS Metrics

v2.0•MEDIUM•Score: 4.9AV:N/AC:M/Au:S/C:N/I:P/A:P

EPSS Trends

Current EPSS score: 1.34%• Percentile: 80%

Affected Systems

canonical•ubuntu_linux
6.06 | 6.10 | 7.04
debian•debian_linux
3.1 | 4.0
mysql•mysql
≤ 4.1.22 | ≥ 5.0, < 5.0.42 | ≥ 5.1, < 5.1.18