7.5

CVE-2002-1374

Exploit
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleMysql Version3.22.26
OracleMysql Version3.22.27
OracleMysql Version3.22.28
OracleMysql Version3.22.29
OracleMysql Version3.22.30
OracleMysql Version3.22.32
OracleMysql Version3.23.2
OracleMysql Version3.23.3
OracleMysql Version3.23.4
OracleMysql Version3.23.5
OracleMysql Version3.23.8
OracleMysql Version3.23.9
OracleMysql Version3.23.10
OracleMysql Version3.23.23
OracleMysql Version3.23.24
OracleMysql Version3.23.25
OracleMysql Version3.23.26
OracleMysql Version3.23.27
OracleMysql Version3.23.28
OracleMysql Version3.23.29
OracleMysql Version3.23.30
OracleMysql Version3.23.31
OracleMysql Version3.23.34
OracleMysql Version3.23.36
OracleMysql Version3.23.37
OracleMysql Version3.23.38
OracleMysql Version3.23.39
OracleMysql Version3.23.40
OracleMysql Version3.23.41
OracleMysql Version3.23.42
OracleMysql Version3.23.43
OracleMysql Version3.23.44
OracleMysql Version3.23.45
OracleMysql Version3.23.46
OracleMysql Version3.23.47
OracleMysql Version3.23.48
OracleMysql Version3.23.49
OracleMysql Version3.23.50
OracleMysql Version3.23.51
OracleMysql Version3.23.52
OracleMysql Version3.23.53
OracleMysql Version3.23.53a
OracleMysql Version4.0.0
OracleMysql Version4.0.1
OracleMysql Version4.0.2
OracleMysql Version4.0.3
OracleMysql Version4.0.5a
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 25.36% 0.958
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
http://www.securityfocus.com/bid/6373
Patch
Vendor Advisory
Exploit