Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2006-0547
HistoryFeb 04, 2006 - 2:02 a.m.

CVE-2006-0547

2006-02-0402:02:00
[email protected]
web.nvd.nist.gov
6

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.02

Percentile

89.0%

JSON

Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSION attribute in the authentication phase of the Transparent Network Substrate (TNS) protocol. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB18 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0265.

Affected configurations

Nvd
Node
oracledatabase_serverMatch8.1.7.4r3
OR
oracledatabase_serverMatch9.2.0.6r2
OR
oracledatabase_serverMatch9.2.0.7r2
OR
oracledatabase_serverMatch10.1.0.3r1
OR
oracledatabase_serverMatch10.1.0.4r1
OR
oracledatabase_serverMatch10.1.0.5r1
OR
oracledatabase_serverMatch10.2.0.1r2
VendorProductVersionCPE
oracledatabase_server8.1.7.4cpe:2.3:a:oracle:database_server:8.1.7.4:r3:*:*:*:*:*:*
oracledatabase_server9.2.0.6cpe:2.3:a:oracle:database_server:9.2.0.6:r2:*:*:*:*:*:*
oracledatabase_server9.2.0.7cpe:2.3:a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:*
oracledatabase_server10.1.0.3cpe:2.3:a:oracle:database_server:10.1.0.3:r1:*:*:*:*:*:*
oracledatabase_server10.1.0.4cpe:2.3:a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:*
oracledatabase_server10.1.0.5cpe:2.3:a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*
oracledatabase_server10.2.0.1cpe:2.3:a:oracle:database_server:10.2.0.1:r2:*:*:*:*:*:*

Related

cve 3
cvelist 3
prion 3
nvd 2
cert 1
checkpoint_advisories 1
openvas 1
nessus 1
cve
cve
CVE-2006-0547
2006-02-04 02:02:00
CVE-2006-0265
2006-01-18 11:03:00
CVE-2007-2112
2007-04-18 18:19:00
cvelist
cvelist
CVE-2006-0547
2006-02-04 02:00:00
CVE-2006-0265
2006-01-18 11:00:00
CVE-2007-2112
2007-04-18 18:00:00
prion
prion
Buffer overflow
2006-02-04 02:02:00
Sql injection
2006-01-18 11:03:00
Authentication flaw
2007-04-18 18:19:00
nvd
nvd
CVE-2006-0265
2006-01-18 11:03:00
CVE-2007-2112
2007-04-18 18:19:00
cert
cert
Oracle TNS protocol fails to properly validate authentication requests
2006-01-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Database Server Login Access Control Bypass (CVE-2006-0547)
2015-10-22 00:00:00
openvas
openvas
Oracle Database Server Multiple Unspecified Vulnerabilities
2011-12-07 00:00:00
nessus
nessus
Oracle Database Multiple Vulnerabilities (January 2006 CPU)
2011-11-16 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.02

Percentile

89.0%

JSON
Related for NVD:CVE-2006-0547
cve3cvelist3prion3nvd2cert1checkpoint_advisories1openvas1nessus1