Lucene search

MitreCVE-2007-3854

HistoryJul 18, 2007 - 7:30 p.m.

CVE-2007-3854

2007-07-1819:30:00

mitre

web.nvd.nist.gov

cve-2007-3854

oracle database

unspecified vulnerabilities

remote authenticated users

advanced queuing component

spatial component

sql injection

buffer overflow

nvd

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

9.4

Confidence

High

EPSS

0.015

Percentile

87.0%

JSON

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.

Affected configurations

Nvd

Node

oracleapexMatch1.5.0

oracleapexMatch1.6.1

oracleapexMatch2.0

oracleapexMatch2.2

oracleapplication_serverMatch1.0.2.2r2

oracleapplication_serverMatch9.0.4.3

oracleapplication_serverMatch10.1.2.0.1

oracleapplication_serverMatch10.1.2.0.2

oracleapplication_serverMatch10.1.2.1.0

oracleapplication_serverMatch10.1.2.2.0

oracleapplication_serverMatch10.1.3.0.0

oracleapplication_serverMatch10.1.3.1.0

oracleapplication_serverMatch10.1.3.2.0

oracleapplication_serverMatch10.1.3.3.0

oraclecollaboration_suiteMatch10.1.2

oracledatabase_serverMatch9.0.1.5fips

oracledatabase_serverMatch9.2.0.7r2

oracledatabase_serverMatch9.2.0.8r2

oracledatabase_serverMatch9.2.0.8dvr2

oracledatabase_serverMatch10.1.0.5

oracledatabase_serverMatch10.2.0.2r2

oracledatabase_serverMatch10.2.0.3r2

oraclee-business_suiteMatch11.5.8

oraclee-business_suiteMatch11.5.9

oraclee-business_suiteMatch11.5.10

oraclee-business_suiteMatch11.5.10.2

oraclee-business_suiteMatch12.0.0

oraclee-business_suiteMatch12.0.1

oraclepeoplesoft_enterprise_customer_relationship_managementMatch8.9

oraclepeoplesoft_enterprise_customer_relationship_managementMatch9.0

oraclepeoplesoft_enterprise_human_capital_managementMatch8.9

oraclepeoplesoft_enterprise_human_capital_managementMatch9.0

oraclepeoplesoft_enterprise_peopletoolsMatch8.22

oraclepeoplesoft_enterprise_peopletoolsMatch8.47

oraclepeoplesoft_enterprise_peopletoolsMatch8.48

oraclepeoplesoft_enterprise_peopletoolsMatch8.49

oraclesecure_enterprise_searchMatch10.1.6

oraclesecure_enterprise_searchMatch10.1.8

VendorProductVersionCPE
oracleapex1.5.0cpe:2.3:a:oracle:apex:1.5.0:*:*:*:*:*:*:*
oracleapex1.6.1cpe:2.3:a:oracle:apex:1.6.1:*:*:*:*:*:*:*
oracleapex2.0cpe:2.3:a:oracle:apex:2.0:*:*:*:*:*:*:*
oracleapex2.2cpe:2.3:a:oracle:apex:2.2:*:*:*:*:*:*:*
oracleapplication_server1.0.2.2cpe:2.3:a:oracle:application_server:1.0.2.2:r2:*:*:*:*:*:*
oracleapplication_server9.0.4.3cpe:2.3:a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*
oracleapplication_server10.1.2.0.1cpe:2.3:a:oracle:application_server:10.1.2.0.1:*:*:*:*:*:*:*
oracleapplication_server10.1.2.0.2cpe:2.3:a:oracle:application_server:10.1.2.0.2:*:*:*:*:*:*:*
oracleapplication_server10.1.2.1.0cpe:2.3:a:oracle:application_server:10.1.2.1.0:*:*:*:*:*:*:*
oracleapplication_server10.1.2.2.0cpe:2.3:a:oracle:application_server:10.1.2.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	apex	1.5.0	cpe:2.3:a:oracle:apex:1.5.0:::::::*
oracle	apex	1.6.1	cpe:2.3:a:oracle:apex:1.6.1:::::::*
oracle	apex	2.0	cpe:2.3:a:oracle:apex:2.0:::::::*
oracle	apex	2.2	cpe:2.3:a:oracle:apex:2.2:::::::*
oracle	application_server	1.0.2.2	cpe:2.3:a:oracle:application_server:1.0.2.2:r2::::::
oracle	application_server	9.0.4.3	cpe:2.3:a:oracle:application_server:9.0.4.3:::::::*
oracle	application_server	10.1.2.0.1	cpe:2.3:a:oracle:application_server:10.1.2.0.1:::::::*
oracle	application_server	10.1.2.0.2	cpe:2.3:a:oracle:application_server:10.1.2.0.2:::::::*
oracle	application_server	10.1.2.1.0	cpe:2.3:a:oracle:application_server:10.1.2.1.0:::::::*
oracle	application_server	10.1.2.2.0	cpe:2.3:a:oracle:application_server:10.1.2.2.0:::::::*

Rows per page:

1-10 of 381

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143

secunia.com/advisories/26114

secunia.com/advisories/26166

www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf

www.oracle.com/technetwork/topics/security/cpujul2007-087014.html

www.red-database-security.com/advisory/oracle_cpu_jul_2007.html

www.red-database-security.com/advisory/oracle_sql_injection_dbms_prvtaqis.html

www.securitytracker.com/id?1018415

www.us-cert.gov/cas/techalerts/TA07-200A.html

www.vupen.com/english/advisories/2007/2562

www.vupen.com/english/advisories/2007/2635

exchange.xforce.ibmcloud.com/vulnerabilities/35490

exchange.xforce.ibmcloud.com/vulnerabilities/35497

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

9.4

Confidence

High

EPSS

0.015

Percentile

87.0%

JSON

Related for CVE-2007-3854