CVE-2002-1375 — Vulnetix

Try Vulnetix Request Demo

CVE-2002-1375 PUBLISHED CVSS 7.5 HIGH

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

EPSS 15.03% · 94.5th percentile

Risk Scores

CVSS v2.0

7.5

EPSS Score

15.03%

94.5th percentile

Affected Products

Vendor	Product	Versions
oracle	mysql	3.23.23, 3.22.26, 3.22.27
symantec_veritas	netbackup_global_data_manager	4.5, 4.5_mp1, 4.5_mp2
n/a	n/a	n/a
symantec_veritas	netbackup_advanced_reporter	4.5_fp3, 4.5_mp1, 4.5_mp2

Timeline

Dec 23, 2002 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 9, 2023 EPSS Score

References

20021212 Advisory 04/2002: Multiple MySQL vulnerabilities mailing-list
20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql) mailing-list
CLSA-2002:555 vendor-advisory
ESA-20021213-033 vendor-advisory
http://security.e-matters.de/advisories/042002.html url
DSA-212 vendor-advisory
RHSA-2002:288 vendor-advisory
mysql-comchangeuser-password-bo(10848) vdb
MDKSA-2002:087 vendor-advisory
RHSA-2003:166 vendor-advisory
GLSA-200212-2 vendor-advisory
SUSE-SA:2003:003 vendor-advisory
6375 vdb
RHSA-2002:289 vendor-advisory
2002-0086 vendor-advisory
IMNX-2003-7+-008-01 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2002-1375 advisory

Open in Interactive Console →