CVE-2002-1375 — Vulnetix

CVE-2002-1375 PUBLISHED CVSS 7.5 HIGH

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

EPSS 15.03% · 94.7th percentile

Risk Scores

CVSS 2.0

7.5

EPSS Score

15.03%

94.7th percentile

Affected Products

Vendor	Product	Versions
oracle	mysql	3.22.28, 3.23.48, 3.23.50
symantec_veritas	netbackup_global_data_manager	4.5_fp1, 4.5_fp2, 4.5_fp3
n/a	n/a	n/a
symantec_veritas	netbackup_advanced_reporter	4.5, 4.5_fp1, 4.5_fp2

Exploit Intelligence

20021212 Advisory 04/2002: Multiple MySQL vulnerabilities (circl)
20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql) (circl)
CLSA-2002:555 (circl)
ESA-20021213-033 (circl)
http://security.e-matters.de/advisories/042002.html (circl)
DSA-212 (circl)
RHSA-2002:288 (circl)
mysql-comchangeuser-password-bo(10848) (circl)
MDKSA-2002:087 (circl)
RHSA-2003:166 (circl)

…and 6 more exploits

Timeline

Dec 23, 2002 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 25, 2023 EPSS Score
Aug 9, 2023 EPSS Score
Sep 8, 2023 EPSS Score

References

20021212 Advisory 04/2002: Multiple MySQL vulnerabilities mailing-list
20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql) mailing-list
CLSA-2002:555 vendor-advisory
ESA-20021213-033 vendor-advisory
http://security.e-matters.de/advisories/042002.html url
DSA-212 vendor-advisory
RHSA-2002:288 vendor-advisory
mysql-comchangeuser-password-bo(10848) vdb
MDKSA-2002:087 vendor-advisory
RHSA-2003:166 vendor-advisory
GLSA-200212-2 vendor-advisory
SUSE-SA:2003:003 vendor-advisory
6375 vdb
RHSA-2002:289 vendor-advisory
2002-0086 vendor-advisory
IMNX-2003-7+-008-01 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2002-1375 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›