Vulnerability Details : CVE-2007-2691
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
Threat overview for CVE-2007-2691
Top countries where our scanners detected CVE-2007-2691
Top open port discovered on systems with this issue
3306
IPs affected by CVE-2007-2691 4,811
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2007-2691!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2007-2691
Probability of exploitation activity in the next 30 days: 0.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-2691
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9
|
MEDIUM | AV:N/AC:M/Au:S/C:N/I:P/A:P |
6.8
|
4.9
|
NIST |
Vendor statements for CVE-2007-2691
-
Red Hat 2007-05-29Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-2691 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
-
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html
Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/24016
Third Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2007/1804
Third Party Advisory
-
https://issues.rpath.com/browse/RPL-1536
Broken Link
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/34347
Third Party Advisory;VDB Entry
-
http://www.debian.org/security/2007/dsa-1413
Third Party Advisory
-
http://www.securitytracker.com/id?1018069
Third Party Advisory;VDB Entry
-
http://www.redhat.com/support/errata/RHSA-2008-0364.html
Third Party Advisory
-
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Mailing List;Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2007-0894.html
Third Party Advisory
-
http://lists.mysql.com/announce/470
Vendor Advisory
-
http://www.securityfocus.com/archive/1/473874/100/0/threaded
Third Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
Third Party Advisory
-
http://www.vupen.com/english/advisories/2008/2780
Webmail: access your OVH emails on ovhcloud.com | OVHcloudThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559
Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:139
Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2008-0768.html
Third Party Advisory
-
http://bugs.mysql.com/bug.php?id=27515
Vendor Advisory
-
http://support.apple.com/kb/HT3216
About Security Update 2008-007 - Apple SupportThird Party Advisory
-
http://www.securityfocus.com/bid/31681
Third Party Advisory;VDB Entry
-
https://usn.ubuntu.com/528-1/
Third Party Advisory
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*