[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-0819Date: (C)2009-03-04   (M)2023-12-22


sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 8.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1021786
BID-33972
SECUNIA-34115
ADV-2009-0594
http://bugs.mysql.com/bug.php?id=42495
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html
mysql-xpath-dos(49050)
oval:org.mitre.oval:def:7544

CPE    3
cpe:/a:mysql:mysql:5.1.23
cpe:/a:mysql:mysql:5.1.31
cpe:/a:mysql:mysql
OVAL    1
oval:org.mitre.oval:def:7544

© SecPod Technologies