{
  "threat_severity" : "Important",
  "public_date" : "2010-05-13T00:00:00Z",
  "bugzilla" : {
    "description" : "mysql: multiple insufficient table name checks",
    "id" : "592079",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=592079"
  },
  "cvss" : {
    "cvss_base_score" : "6.5",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
    "status" : "verified"
  },
  "details" : [ "Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name." ],
  "statement" : "The Red Hat Security Response Team has rated this issue as having low security\nimpact, a future update may address this flaw for Red Hat Enterprise Linux 3 and 4 mysql packages.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2010-11-03T00:00:00Z",
    "advisory" : "RHSA-2010:0824",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "mysql-0:4.1.22-2.el4_8.4",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2010-05-26T00:00:00Z",
    "advisory" : "RHSA-2010:0442",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "mysql-0:5.0.77-4.el5_5.3",
    "impact" : "low"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "mysql",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "impact" : "important"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-1848\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-1848" ],
  "name" : "CVE-2010-1848",
  "csaw" : false
}