Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MySQL MaxDB HTTP GET请求远程缓冲区溢出漏洞
Vulnerability Description
MySQL的MaxDB是SAP AG开放源码数据库SAP DB的增强版本,是对MySQL数据库服务器的补充。 MaxDB处理HTTP界面上的请求时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在系统上执行任意指令。 漏洞起因是没能正确地处理包含有百分号(%)的HTTP GET请求。如果攻击者能够发布指定了百分号的HTTP GET请求,而请求后有超长字符串做为文件参数,就可能发生栈溢出。攻击者必须发送大约4000字节的长度才能覆盖进程SEH。攻击者还可能覆盖程序保存的指令指针。
CVSS Information
N/A
Vulnerability Type
N/A