6.5

CVE-2007-0268

Exploit
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15).  NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleDatabase Server Version9.0.1.5
OracleDatabase Server Version9.2.0.7
OracleDatabase Server Version10.1.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.82% 0.847
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/23794
Patch
Vendor Advisory
http://securitytracker.com/id?1017522
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.securityfocus.com/bid/22083
Patch
Exploit
http://osvdb.org/32907
http://osvdb.org/32913
http://osvdb.org/32921
http://www.kb.cert.org/vuls/id/221788
Patch
US Government Resource
http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html
http://www.securityfocus.com/archive/1/458005/100/0/threaded
http://www.securityfocus.com/archive/1/458475/100/100/threaded
http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Patch
US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/31541