CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS percentile: 82.7%

+Issue Summary+
Following a recent security patch by Oracle for the {{ojdbc6.jar}} driver as a fix for {{CVE-2016-3506}} ({{p23727132_112040_Generic.zip}}, available in the Oracle Support download area), applying the patch to Confluence breaks Confluence, which throws:
{code}
Caused by: java.sql.SQLException: Invalid argument(s) in call
at oracle.jdbc.OracleDatabaseMetaData.getTables(OracleDatabaseMetaData.java:2991)
at org.apache.commons.dbcp.DelegatingDatabaseMetaData.getTables(DelegatingDatabaseMetaData.java:604)
at net.java.ao.db.OracleDatabaseProvider.getSequences(OracleDatabaseProvider.java:93)
at net.java.ao.schema.helper.DatabaseMetaDataReaderImpl.getSequenceNames(DatabaseMetaDataReaderImpl.java:222)
… 60 more
{code}
+Steps to Reproduce+
+Expected Behavior+
The user would be able to log in with no problems.
+Actual Behavior+
The user gets a 500 error page, with the log entries shown above.
+Note+
When the user reverts to the bundled driver, things work fine again.
Vendor | Product | Version | CPE |
---|---|---|---|
atlassian | confluence_data_center | * | cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* |