5.5

CVE-2007-3854

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12).  NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleApex Version1.5.0
OracleApex Version1.6.1
OracleApex Version2.0
OracleApex Version2.2
OracleApplication Server Version1.0.2.2 Updater2
OracleApplication Server Version9.0.4.3
OracleApplication Server Version10.1.2.0.1
OracleApplication Server Version10.1.2.0.2
OracleApplication Server Version10.1.2.1.0
OracleApplication Server Version10.1.2.2.0
OracleApplication Server Version10.1.3.0.0
OracleApplication Server Version10.1.3.1.0
OracleApplication Server Version10.1.3.2.0
OracleApplication Server Version10.1.3.3.0
OracleCollaboration Suite Version10.1.2
OracleDatabase Server Version9.0.1.5 Editionfips
OracleDatabase Server Version9.2.0.7 Updater2
OracleDatabase Server Version9.2.0.8 Updater2
OracleDatabase Server Version9.2.0.8dv Updater2
OracleDatabase Server Version10.1.0.5
OracleDatabase Server Version10.2.0.2 Updater2
OracleDatabase Server Version10.2.0.3 Updater2
OracleE-business Suite Version11.5.8
OracleE-business Suite Version11.5.9
OracleE-business Suite Version11.5.10
OracleE-business Suite Version11.5.10.2
OracleE-business Suite Version12.0.0
OracleE-business Suite Version12.0.1
OracleSecure Enterprise Search Version10.1.6
OracleSecure Enterprise Search Version10.1.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.53% 0.829
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143
http://secunia.com/advisories/26114
Patch
Vendor Advisory
http://secunia.com/advisories/26166
Vendor Advisory
http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf
http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html
http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html
http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_prvtaqis.html
http://www.securitytracker.com/id?1018415
http://www.us-cert.gov/cas/techalerts/TA07-200A.html
US Government Resource
http://www.vupen.com/english/advisories/2007/2562
Vendor Advisory
http://www.vupen.com/english/advisories/2007/2635
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35490
https://exchange.xforce.ibmcloud.com/vulnerabilities/35497