CVE Database

CVE-2008-4456

Impact: Low
Public: 2008-09-30
Bugzilla: 466518: CVE-2008-4456 mysql: mysql command line client XSS flaw

Details

The MITRE CVE dictionary describes this issue as:

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

Find out more about CVE-2008-4456 from the MITRE CVE dictionary and NIST NVD.

Statement

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4456
This issue was addressed for Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1289.html and Red Hat Enterprise Linux 4 by https://rhn.redhat.com/errata/RHSA-2010-0110.html .
The Red Hat Security Response Team has rated this issue as having low security impact, future MySQL package updates may address this flaw for Red Hat Enterprise Linux 3, and Red Hat Application Stack 2.

CVSS v2 metrics

Base Score: 1.7
Base Metrics: AV:L/AC:L/Au:S/C:N/I:P/A:N
Access Vector: Local
Access Complexity: Low
Authentication: Single Instance
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform Errata Release Date
Red Hat Application Stack v2 for Enterprise Linux (v.5) RHSA-2009:1461 September 23, 2009
Red Hat Enterprise Linux version 4 (mysql) RHSA-2010:0110 February 16, 2010
Red Hat Enterprise Linux version 5 (mysql) RHSA-2009:1289 September 02, 2009

External References

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.