Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveOracleCVE-2009-1991
HistoryOct 22, 2009 - 6:30 p.m.

CVE-2009-1991

2009-10-2218:30:00
oracle
web.nvd.nist.gov
34
cve-2009-1991
oracle
database
vulnerability
oracle text
sql injection
confidentiality
integrity
ctxsys.drvxtabc
nvd

CVSS2

3.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.177

Percentile

96.2%

JSON

Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to CTXSYS.DRVXTABC. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an established researcher that this is for multiple SQL injection vulnerabilities via the (1) idx_owner or (2) idx_name parameters to the create_tables procedure.

Affected configurations

Nvd
Node
oracledatabase_serverMatch9.2.0.8
OR
oracledatabase_serverMatch9.2.0.8dv
OR
oracledatabase_serverMatch10.1.0.5
OR
oracledatabase_serverMatch10.2.0.4
VendorProductVersionCPE
oracledatabase_server9.2.0.8cpe:2.3:a:oracle:database_server:9.2.0.8:*:*:*:*:*:*:*
oracledatabase_server9.2.0.8dvcpe:2.3:a:oracle:database_server:9.2.0.8dv:*:*:*:*:*:*:*
oracledatabase_server10.1.0.5cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
oracledatabase_server10.2.0.4cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*

Related

securityvulns 4
cvelist 1
checkpoint_advisories 1
erpscan 1
prion 1
nvd 1
nessus 1
oracle 1
securityvulns
securityvulns
Oracle exploit for CTXSYS.DRVXTABC.CREATE_TABLES and others
2009-11-30 00:00:00
[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection
2009-10-28 00:00:00
Oracle multiple security vulnerabilities
2009-11-30 00:00:00
cvelist
cvelist
CVE-2009-1991
2009-10-22 18:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Database Server CREATE_TABLES SQL Injection (CVE-2009-1991)
2009-12-17 00:00:00
erpscan
erpscan
Oracle Database 10G CTXSYS.DRVXTABX — PLSQL Injection
2008-01-29 00:00:00
prion
prion
Sql injection
2009-10-22 18:30:00
nvd
nvd
CVE-2009-1991
2009-10-22 18:30:00
nessus
nessus
Oracle Database Multiple Vulnerabilities (October 2009 CPU)
2011-11-16 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - October 2009
2009-10-20 00:00:00

CVSS2

3.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.177

Percentile

96.2%

JSON
Related for CVE-2009-1991
securityvulns4cvelist1checkpoint_advisories1erpscan1prion1nvd1nessus1oracle1