CVE-2005-0684

Name of the Vulnerable Software and Affected Versions MySQL MaxDB versions prior to 7.5.00.26

Description The issue is related to multiple buffer overflows in the web tool for MySQL MaxDB. Remote attackers can execute arbitrary code via an HTTP GET request with a long file parameter after a percent ("%") sign or a long Lock-Token string to the WebDAV functionality. The getLockTokenHeader function in WDVHandler CommonUtils.c does not properly handle these inputs.

Recommendations For versions prior to 7.5.00.26, update to version 7.5.00.26 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebDAV functionality to minimize the risk of exploitation. Avoid using long file parameters after a percent ("%") sign or long Lock-Token strings in the affected API endpoint until the issue is resolved.