Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2007-0268
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 6.5/10
- Exploit Score
- 8/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- Single
- Impact Score
- 6.4/10
- Confidentiality Impact
- Partial
- Availability Impact
- Partial
- Integrity Impact
- Partial
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:database_server:9.2.0.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html
- http://www.us-cert.gov/cas/techalerts/TA07-017A.html
- http://www.kb.cert.org/vuls/id/221788
- http://secunia.com/advisories/23794
- http://securitytracker.com/id?1017522
- http://www.securityfocus.com/bid/22083
- http://osvdb.org/32921
- http://osvdb.org/32913
- http://osvdb.org/32907
- http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31541
- http://www.securityfocus.com/archive/1/458475/100/100/threaded
- http://www.securityfocus.com/archive/1/458005/100/0/threaded