Intrusion Prevention



This indicates an attack attempt to exploit a format string vulnerability in MySQL Server.
The vulnerability is a result of the application's failure to properly sanitize first parameter of the date_format function. As a result, a remote attacker can send a crafted query to crash the vulnerable server.

Affected Products

MySQL AB MySQL 4.1.20 and prior
MySQL AB MySQL 5.0.20 and prior
MySQL AB MySQL 5.1.8 and prior


Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Upgrade to the latest version,available from the web site.

CVE References