Vulnerabilites related to oracle - oracle9i
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 1.0.2.2 | |
| oracle | application_server | 1.0.2.2.2 | |
| oracle | application_server | 9.0.3 | |
| oracle | application_server | 9.0.3.1 | |
| oracle | oracle9i | enterprise_9.0.1.4 | |
| oracle | oracle9i | enterprise_9.2.0.1 | |
| oracle | oracle9i | enterprise_9.2.0.2 | |
| oracle | oracle9i | personal_9.0.1.4 | |
| oracle | oracle9i | personal_9.2.0.1 | |
| oracle | oracle9i | personal_9.2.0.2 | |
| oracle | oracle9i | standard_9.0.1.4 | |
| oracle | oracle9i | standard_9.2.0.1 | |
| oracle | oracle9i | standard_9.2.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4ED2EB-1E90-4E99-AAD6-5D838800F9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C0160E00-D722-40CE-976C-77CB91C1B94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD."
}
],
"id": "CVE-2004-2244",
"lastModified": "2024-11-20T23:52:51.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10936"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/4011"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/9703"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/4011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/9703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15270"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-23 01:28
Modified
2024-11-21 00:23
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle10g:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC35B86B-8B7C-410D-894D-05E0E8C8998C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "795F83D5-953C-4BBF-896F-DBDAB813BAE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Oracle Portal 9i y 10g permite a atacantes remotos inyectar JAvaSCript de su elecci\u00f3n a trav\u00e9s del par\u00e1metro tc en webapp/jsp/container_tabs.jsp, y otros vectores no especificados."
}
],
"id": "CVE-2006-6703",
"lastModified": "2024-11-21T00:23:26.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-23T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/455143/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21717"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/5143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/455143/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/5143"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-07-21 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8C65AE-EF3B-4B02-B260-B32FB674956D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "795F83D5-953C-4BBF-896F-DBDAB813BAE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data."
}
],
"id": "CVE-2001-0516",
"lastModified": "2024-11-20T23:35:33.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-07-21T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-03 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | oracle9i | enterprise_9.0.1 | |
| oracle | oracle9i | enterprise_9.2.0 | |
| oracle | oracle9i | enterprise_9.2.0.1 | |
| oracle | oracle9i | enterprise_9.2.0.2 | |
| oracle | oracle9i | personal_9.0.1 | |
| oracle | oracle9i | personal_9.2 | |
| oracle | oracle9i | personal_9.2.0.1 | |
| oracle | oracle9i | personal_9.2.0.2 | |
| oracle | oracle9i | standard_9.0 | |
| oracle | oracle9i | standard_9.0.1 | |
| oracle | oracle9i | standard_9.0.1.2 | |
| oracle | oracle9i | standard_9.0.1.3 | |
| oracle | oracle9i | standard_9.0.1.4 | |
| oracle | oracle9i | standard_9.0.2 | |
| oracle | oracle9i | standard_9.2 | |
| oracle | oracle9i | standard_9.2.0.1 | |
| oracle | oracle9i | standard_9.2.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions."
}
],
"evaluatorSolution": "This was fixed in Oracle 9i Database Release 2, version 9.2.0.3.",
"id": "CVE-2003-1208",
"lastModified": "2024-11-20T23:46:36.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://secunia.com/advisories/10805"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/o-093.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/240174"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/399806"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/819126"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/846582"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.nextgenss.com/advisories/ora_from_tz.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.nextgenss.com/advisories/ora_time_zone.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.osvdb.org/3837"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.osvdb.org/3838"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.osvdb.org/3839"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.osvdb.org/3840"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9587"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://secunia.com/advisories/10805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/o-093.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/240174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/399806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/819126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/846582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.nextgenss.com/advisories/ora_from_tz.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.nextgenss.com/advisories/ora_time_zone.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.osvdb.org/3837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.osvdb.org/3838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.osvdb.org/3839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.osvdb.org/3840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15060"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user."
}
],
"id": "CVE-2004-1365",
"lastModified": "2024-11-20T23:50:42.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382471608835\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004C.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382471608835\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004C.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18662"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax."
}
],
"id": "CVE-2002-0571",
"lastModified": "2024-11-20T23:39:23.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0175.html"
},
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/m-071.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8855.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5236"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0175.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/m-071.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8855.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4523"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84852A-1153-46A7-9B82-D05F4A6043D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43116210-05B8-4241-9EC3-7697014A69A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359418-31C5-4FCA-AA93-83AF15D3199A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF5BE7D-BB10-43E5-8910-626CB6032D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP."
}
],
"id": "CVE-2003-0095",
"lastModified": "2024-11-20T23:43:56.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104549693426042\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11328.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/953746"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6319"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104549693426042\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11328.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/953746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6849"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-11 10:02
Modified
2024-11-21 00:09
Severity ?
Summary
Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | oracle10g | enterprise_10.1.0.2 | |
| oracle | oracle10g | enterprise_10.1.0.3 | |
| oracle | oracle10g | enterprise_10.1.0.3.1 | |
| oracle | oracle10g | enterprise_10.1.0.4 | |
| oracle | oracle10g | enterprise_10.2.3 | |
| oracle | oracle10g | personal_10.1.0.2 | |
| oracle | oracle10g | personal_10.1.0.3 | |
| oracle | oracle10g | personal_10.1.0.3.1 | |
| oracle | oracle10g | personal_10.1.0.4 | |
| oracle | oracle10g | personal_10.2.3 | |
| oracle | oracle10g | standard_10.1.0.2 | |
| oracle | oracle10g | standard_10.1.0.3 | |
| oracle | oracle10g | standard_10.1.0.3.1 | |
| oracle | oracle10g | standard_10.1.0.4 | |
| oracle | oracle10g | standard_10.1.0.4.2 | |
| oracle | oracle10g | standard_10.1.0.5 | |
| oracle | oracle10g | standard_10.2.0.1 | |
| oracle | oracle10g | standard_10.2.3 | |
| oracle | oracle9i | enterprise_9.2.0 | |
| oracle | oracle9i | enterprise_9.2.0.1 | |
| oracle | oracle9i | enterprise_9.2.0.2 | |
| oracle | oracle9i | enterprise_9.2.0.3 | |
| oracle | oracle9i | enterprise_9.2.0.5 | |
| oracle | oracle9i | enterprise_9.2.0.6 | |
| oracle | oracle9i | personal_9.2 | |
| oracle | oracle9i | personal_9.2.0.1 | |
| oracle | oracle9i | personal_9.2.0.2 | |
| oracle | oracle9i | personal_9.2.0.3 | |
| oracle | oracle9i | personal_9.2.0.5 | |
| oracle | oracle9i | personal_9.2.0.6 | |
| oracle | oracle9i | standard_9.2 | |
| oracle | oracle9i | standard_9.2.0.1 | |
| oracle | oracle9i | standard_9.2.0.2 | |
| oracle | oracle9i | standard_9.2.0.3 | |
| oracle | oracle9i | standard_9.2.0.5 | |
| oracle | oracle9i | standard_9.2.0.6 | |
| oracle | oracle9i | standard_9.2.0.7 | |
| oracle | oracle9i | standard_9.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4E604B-6C0D-474F-A3A9-B07EF0A7D2E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8667E51F-86A9-4181-8FCC-BECC6F50913B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA52C2C2-64C3-40BA-86A1-C4A14BEB8CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A53BEE7A-7AB6-4B18-80C3-3B4DE8358E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2C84E349-48A8-4800-A300-AACEC8659656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "323353FE-7ECD-4668-BDB1-3E5CA8F3F9A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4237F0-BE51-4FCD-9CF1-83E54723390A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B33627F4-3E7D-4181-8171-2B65F8C60E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C22848A7-D0FD-46FD-897E-2658FA809DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8975840-9843-4034-BBED-B31A9BA16DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A39665-BB49-4135-9850-8CF9E69546FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2764001-8B54-47AD-A265-0C0B0F691A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "41B5ED54-BAF4-41B3-8B09-F9795AB7A18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2EA2727-2F53-470F-AF58-1B33B7A5B7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAD20B6-258F-4093-BEE0-99F11D61A61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B900301-8AC5-43BD-BD2B-639419885820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF7518D-DA17-4C63-B35F-6CAAA9F96EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9B1EAF-ED2D-4B3A-9EB7-5FEB9E6B684C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "50411FCF-8173-458D-B18A-4F7DE7E81A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E61851FB-AC6F-4E56-8CA8-F8CE97D65364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "397FC5F3-27E7-4BD7-9348-E671640327FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "99255D3E-41FF-4D2F-A11B-9563997F4110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with \"SELECT\" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view."
}
],
"id": "CVE-2006-1705",
"lastModified": "2024-11-21T00:09:32.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-11T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044990.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19574"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015886"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/805737"
},
{
"source": "cve@mitre.org",
"url": "http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/430434/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17426"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1297"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044990.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/805737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/430434/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25696"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://marc.info/?l=bugtraq&m=101301440005580&w=2 | ||
| cve@mitre.org | http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.cert.org/advisories/CA-2002-08.html | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/698467 | US Government Resource | |
| cve@mitre.org | http://www.securityfocus.com/bid/4034 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=101301440005580&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2002-08.html | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/698467 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4034 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 1.0.2 | |
| oracle | application_server_web_cache | 2.0.0.0 | |
| oracle | application_server_web_cache | 2.0.0.1 | |
| oracle | application_server_web_cache | 2.0.0.2 | |
| oracle | application_server_web_cache | 2.0.0.3 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C272DE0-3717-40D0-99A6-2B4108BF85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4959B7CD-218F-47A3-A604-629B69E1905B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6659ECF3-D355-4357-BB15-DAFA427FCD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B34A419-42C2-44FC-84C7-65699BA07120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa."
}
],
"id": "CVE-2002-0562",
"lastModified": "2024-11-20T23:39:22.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/698467"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/698467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4034"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-05-12 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | database_server | 7.3.3 | |
| oracle | database_server | 7.3.4 | |
| oracle | database_server | 8.0.1 | |
| oracle | database_server | 8.0.2 | |
| oracle | database_server | 8.0.3 | |
| oracle | database_server | 8.0.4 | |
| oracle | database_server | 8.0.5 | |
| oracle | database_server | 8.0.5.1 | |
| oracle | database_server | 8.0.6 | |
| oracle | database_server | 8.1.5 | |
| oracle | database_server | 8.1.6 | |
| oracle | database_server | 8.1.7 | |
| oracle | database_server | 9.2.1 | |
| oracle | database_server | 9.2.2 | |
| oracle | oracle8i | 8.0.6 | |
| oracle | oracle8i | 8.0.6.3 | |
| oracle | oracle8i | 8.0x | |
| oracle | oracle8i | 8.1.5 | |
| oracle | oracle8i | 8.1.6 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7.1 | |
| oracle | oracle8i | 8.1.7.4 | |
| oracle | oracle8i | 8.1x | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 | |
| oracle | oracle9i | 9.0.1.2 | |
| oracle | oracle9i | 9.0.1.3 | |
| oracle | oracle9i | 9.0.1.4 | |
| oracle | oracle9i | 9.0.2 | |
| oracle | oracle9i | 9.2.0.1 | |
| oracle | oracle9i | 9.2.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE5CF5D-4649-4E3A-9328-47224065384F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE07BAF7-3A9A-426B-9536-72EAB8984A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3104552F-31AD-4CBE-8F6E-5E410D2F9EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3651861-9C23-4AB1-B795-E44C912B8AB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F232E30-578B-440E-98FE-A52FF171F11E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E7675AD-40A0-4BC5-9823-3AC330EE95CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "92829B90-6F6A-4FAF-85A9-731D4F3212C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC6CED6-002B-4C69-A700-70FE667BAB9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84852A-1153-46A7-9B82-D05F4A6043D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB401046-E029-4CD1-A937-E9E70A081BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "453891B9-C354-461F-97FA-330165B92255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED700CB5-6896-41D1-ABEF-98FC159940F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43116210-05B8-4241-9EC3-7697014A69A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359418-31C5-4FCA-AA93-83AF15D3199A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "06DFEC36-C9D3-42C3-8686-4EB2C9728B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20080479-4A8C-4C12-B7E0-46802804719D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.0x:*:*:*:*:*:*:*",
"matchCriteriaId": "90E55590-6728-49CC-9635-C3580DDD7A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42AF8B37-C5AA-4B92-A565-214A677C3486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC58370-C10D-4559-81C8-C67B64EE2502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CC9E21-8D32-400F-A1C9-F270C28A8D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1x:*:*:*:*:*:*:*",
"matchCriteriaId": "6A134A96-A2EA-43C3-962B-5395FC62571A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF5BE7D-BB10-43E5-8910-626CB6032D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA959EE-44EE-4B81-B7D3-E1C4B9B29FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79C42FED-8E75-4AAD-9870-CD16508DDF86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34E38EFA-AEFB-4B9E-913C-FFE3C2DABFC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a \"CREATE DATABASE LINK\" query containing a connect string with a long USING parameter."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en la pila en Oracle Net Sevices de Oracle Database Server 9i release 2 y anteriores permite a atacantes ejecutar c\u00f3digo arbitrario mediante una consulta \"CREATE DATABASE LINK\" conteniendo una cadena de conexi\u00f3n con un par\u00e1metro USING largo."
}
],
"id": "CVE-2003-0222",
"lastModified": "2024-11-20T23:44:15.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-05-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105162831008176\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=ntbugtraq\u0026m=105163376015735\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/n-085.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7453"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105162831008176\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=ntbugtraq\u0026m=105163376015735\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/n-085.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11885"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-23 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | database_server | 10.2.1 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 | |
| oracle | oracle9i | 9.0.1.2 | |
| oracle | oracle9i | 9.0.1.3 | |
| oracle | oracle9i | 9.0.1.4 | |
| oracle | oracle9i | 9.0.2 | |
| oracle | oracle9i | 9.0.2.0.0 | |
| oracle | oracle9i | 9.0.2.0.1 | |
| oracle | oracle9i | 9.0.2.1 | |
| oracle | oracle9i | 9.0.2.2 | |
| oracle | oracle9i | 9.0.2.3 | |
| oracle | oracle9i | 9.2.0.1 | |
| oracle | oracle9i | 9.2.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:10.2.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "ABF498E5-F7DF-41F4-BC47-AB66E69BC89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF5BE7D-BB10-43E5-8910-626CB6032D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA959EE-44EE-4B81-B7D3-E1C4B9B29FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7598BA-C4F9-46C7-A90D-F80697EA9E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D52D7F1A-7ADF-439B-9FF6-BF0D18CEF3A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BBAA75E1-6ED1-400E-9BBE-1890D7D0FA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D24685E-293E-4292-A7FC-E463723FFA9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1207BD-F50A-4E5E-89E8-E016AF356149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79C42FED-8E75-4AAD-9870-CD16508DDF86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34E38EFA-AEFB-4B9E-913C-FFE3C2DABFC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters."
}
],
"id": "CVE-2004-1339",
"lastModified": "2024-11-20T23:50:38.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382230614420\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004I.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382230614420\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004I.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18655"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-23 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | database_server | 10.2.1 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 | |
| oracle | oracle9i | 9.0.1.2 | |
| oracle | oracle9i | 9.0.1.3 | |
| oracle | oracle9i | 9.0.1.4 | |
| oracle | oracle9i | 9.0.2 | |
| oracle | oracle9i | 9.0.2.0.0 | |
| oracle | oracle9i | 9.0.2.0.1 | |
| oracle | oracle9i | 9.0.2.1 | |
| oracle | oracle9i | 9.0.2.2 | |
| oracle | oracle9i | 9.0.2.3 | |
| oracle | oracle9i | 9.2.0.1 | |
| oracle | oracle9i | 9.2.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:10.2.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "ABF498E5-F7DF-41F4-BC47-AB66E69BC89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF5BE7D-BB10-43E5-8910-626CB6032D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA959EE-44EE-4B81-B7D3-E1C4B9B29FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7598BA-C4F9-46C7-A90D-F80697EA9E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D52D7F1A-7ADF-439B-9FF6-BF0D18CEF3A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BBAA75E1-6ED1-400E-9BBE-1890D7D0FA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D24685E-293E-4292-A7FC-E463723FFA9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1207BD-F50A-4E5E-89E8-E016AF356149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79C42FED-8E75-4AAD-9870-CD16508DDF86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34E38EFA-AEFB-4B9E-913C-FFE3C2DABFC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions."
}
],
"id": "CVE-2004-1338",
"lastModified": "2024-11-20T23:50:38.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382230614420\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004I.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382230614420\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004I.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18655"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-11 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 10.1.0.2 | |
| oracle | application_server | 10.1.0.3 | |
| oracle | application_server | 10.1.0.3.1 | |
| oracle | oracle10g | enterprise_10.1.0.2 | |
| oracle | oracle10g | enterprise_10.1.0.3 | |
| oracle | oracle10g | enterprise_10.1.0.3.1 | |
| oracle | oracle10g | personal_10.1.0.2 | |
| oracle | oracle10g | personal_10.1.0.3 | |
| oracle | oracle10g | personal_10.1.0.3.1 | |
| oracle | oracle10g | standard_10.1.0.2 | |
| oracle | oracle10g | standard_10.1.0.3 | |
| oracle | oracle10g | standard_10.1.0.3.1 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 | |
| oracle | oracle9i | 9.0.1.2 | |
| oracle | oracle9i | 9.0.1.3 | |
| oracle | oracle9i | 9.0.1.4 | |
| oracle | oracle9i | 9.0.2 | |
| oracle | oracle9i | 9.2.0.1 | |
| oracle | oracle9i | 9.2.0.2 | |
| oracle | oracle9i | release_2_9.2.1 | |
| oracle | oracle9i | release_2_9.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1B82E1-D1AD-46F2-8B95-117F38563FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC5FDD9-F24C-4DA2-9CE3-96522DB4A10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DDECF110-F375-4A3C-8BA9-1CF69B6EF027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4E604B-6C0D-474F-A3A9-B07EF0A7D2E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8667E51F-86A9-4181-8FCC-BECC6F50913B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2C84E349-48A8-4800-A300-AACEC8659656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "323353FE-7ECD-4668-BDB1-3E5CA8F3F9A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4237F0-BE51-4FCD-9CF1-83E54723390A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8975840-9843-4034-BBED-B31A9BA16DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A39665-BB49-4135-9850-8CF9E69546FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2764001-8B54-47AD-A265-0C0B0F691A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF5BE7D-BB10-43E5-8910-626CB6032D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA959EE-44EE-4B81-B7D3-E1C4B9B29FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79C42FED-8E75-4AAD-9870-CD16508DDF86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34E38EFA-AEFB-4B9E-913C-FFE3C2DABFC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:release_2_9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A742D865-D856-4E44-8C18-82A40E2D85D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:release_2_9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C190DB-8DA7-4858-A646-A62567AFF689",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection."
}
],
"evaluatorSolution": "Applying patchset 10.1.0.4 is fixing this issue for Oracle 10g. Oracle 9i is still vulnerable.",
"id": "CVE-2005-1495",
"lastModified": "2024-11-20T23:57:28.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-11T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111531683824209\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/777773"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16258"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111531683824209\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/777773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20407"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script."
}
],
"id": "CVE-2004-1368",
"lastModified": "2024-11-20T23:50:42.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382264415387\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004E.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382264415387\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004E.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 1.0.2 | |
| oracle | application_server_web_cache | 2.0.0.0 | |
| oracle | application_server_web_cache | 2.0.0.1 | |
| oracle | application_server_web_cache | 2.0.0.2 | |
| oracle | application_server_web_cache | 2.0.0.3 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7_.1 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C272DE0-3717-40D0-99A6-2B4108BF85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4959B7CD-218F-47A3-A604-629B69E1905B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6659ECF3-D355-4357-BB15-DAFA427FCD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B34A419-42C2-44FC-84C7-65699BA07120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11D27BB6-DFA0-4CB7-B546-0E00C096BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings."
}
],
"id": "CVE-2002-0561",
"lastModified": "2024-11-20T23:39:22.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/611776"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/611776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4292"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT."
}
],
"id": "CVE-2004-1370",
"lastModified": "2024-11-20T23:50:43.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382596129607\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004H.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382596129607\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004H.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18665"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges."
}
],
"id": "CVE-2004-1366",
"lastModified": "2024-11-20T23:50:42.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/archive/1/385323"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/archive/1/385323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18661"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | database_server | 8.0.1 | |
| oracle | database_server | 8.0.2 | |
| oracle | database_server | 8.0.3 | |
| oracle | database_server | 8.0.4 | |
| oracle | database_server | 8.0.5 | |
| oracle | database_server | 8.0.5.1 | |
| oracle | database_server | 8.0.6 | |
| oracle | database_server | 8.1.5 | |
| oracle | database_server | 8.1.6 | |
| oracle | database_server | 8.1.7 | |
| oracle | database_server | 8.1.7.0.0 | |
| oracle | oracle8i | 8.1.5 | |
| oracle | oracle8i | 8.1.6 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7.1 | |
| oracle | oracle8i | enterprise_8.0.5.0.0 | |
| oracle | oracle8i | enterprise_8.0.6.0.0 | |
| oracle | oracle8i | enterprise_8.0.6.0.1 | |
| oracle | oracle8i | enterprise_8.1.5.0.0 | |
| oracle | oracle8i | enterprise_8.1.5.0.2 | |
| oracle | oracle8i | enterprise_8.1.5.1.0 | |
| oracle | oracle8i | enterprise_8.1.6.0.0 | |
| oracle | oracle8i | enterprise_8.1.6.1.0 | |
| oracle | oracle8i | enterprise_8.1.7.0.0 | |
| oracle | oracle8i | enterprise_8.1.7.1.0 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3104552F-31AD-4CBE-8F6E-5E410D2F9EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3651861-9C23-4AB1-B795-E44C912B8AB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F232E30-578B-440E-98FE-A52FF171F11E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E7675AD-40A0-4BC5-9823-3AC330EE95CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "92829B90-6F6A-4FAF-85A9-731D4F3212C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC6CED6-002B-4C69-A700-70FE667BAB9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84852A-1153-46A7-9B82-D05F4A6043D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB401046-E029-4CD1-A937-E9E70A081BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "453891B9-C354-461F-97FA-330165B92255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED700CB5-6896-41D1-ABEF-98FC159940F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB365BBC-9611-4F6A-99B3-09FEA903E618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42AF8B37-C5AA-4B92-A565-214A677C3486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC58370-C10D-4559-81C8-C67B64EE2502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18BFD76C-1BB0-4227-AD6E-D6CBC426900B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "390EFE5A-C0D0-4BC0-9B27-3D8D3039A651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C0CBCA0-A0D1-4B0D-ABA5-2DF86294259C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49EB78D7-01BA-4903-A7F7-F12608112E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34DC1C91-85DC-440C-8928-990496D74F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62770611-5C6E-487F-A21D-5BA839466CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7210473-5E57-47A3-ADDE-9E8C4B3121B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2CFD69-2241-4065-8BE2-F654B640EED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73D7AA72-29C3-45FB-87EF-D9AD087774FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52AB4EEE-706E-4CB0-B805-63F514A6073E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process."
}
],
"id": "CVE-2002-0567",
"lastModified": "2024-11-20T23:39:23.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101301332402079\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/180147"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4033"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101301332402079\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/180147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8089"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-09-02 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/12409/ | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.idefense.com/application/poi/display?id=136&type=vulnerabilities&flashstatus=true | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/316206 | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.securityfocus.com/bid/11099 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12409/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.idefense.com/application/poi/display?id=136&type=vulnerabilities&flashstatus=true | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/316206 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11099 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible."
}
],
"id": "CVE-2004-0637",
"lastModified": "2024-11-20T23:49:02.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-09-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12409/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=136\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12409/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=136\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11099"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | oracle8i | enterprise_8.1.7.4 | |
| oracle | oracle8i | standard_8.1.7.4 | |
| oracle | oracle9i | enterprise_9.0.1.4 | |
| oracle | oracle9i | enterprise_9.0.1.5 | |
| oracle | oracle9i | enterprise_9.2.0.3 | |
| oracle | oracle9i | enterprise_9.2.0.4 | |
| oracle | oracle9i | personal_9.0.1.4 | |
| oracle | oracle9i | personal_9.0.1.5 | |
| oracle | oracle9i | personal_9.2.0.3 | |
| oracle | oracle9i | personal_9.2.0.4 | |
| oracle | oracle9i | standard_9.0.1.4 | |
| oracle | oracle9i | standard_9.0.1.5 | |
| oracle | oracle9i | standard_9.2.0.3 | |
| oracle | oracle9i | standard_9.2.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3E2494-5BAE-425B-8F32-A4D2532B10C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "26FA45BE-C7AB-429C-A0A3-928BEC3E78E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument."
}
],
"id": "CVE-2004-0638",
"lastModified": "2024-11-20T23:49:02.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=135\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11100"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=135\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17254"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.cert.org/advisories/CA-2002-08.html | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/805915 | US Government Resource | |
| cve@mitre.org | http://www.securityfocus.com/bid/4037 | Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/8099 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2002-08.html | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/805915 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4037 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/8099 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 1.0.2 | |
| oracle | application_server_web_cache | 2.0.0.0 | |
| oracle | application_server_web_cache | 2.0.0.1 | |
| oracle | application_server_web_cache | 2.0.0.2 | |
| oracle | application_server_web_cache | 2.0.0.3 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7_.1 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C272DE0-3717-40D0-99A6-2B4108BF85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4959B7CD-218F-47A3-A604-629B69E1905B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6659ECF3-D355-4357-BB15-DAFA427FCD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B34A419-42C2-44FC-84C7-65699BA07120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11D27BB6-DFA0-4CB7-B546-0E00C096BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type."
}
],
"id": "CVE-2002-0566",
"lastModified": "2024-11-20T23:39:22.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/805915"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4037"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/805915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8099"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-14 10:02
Modified
2024-11-21 00:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 9.0.2 | |
| oracle | application_server | 9.0.2.0.0 | |
| oracle | application_server | 9.0.2.0.1 | |
| oracle | application_server | 9.0.2.1 | |
| oracle | application_server | 9.0.2.2 | |
| oracle | application_server | 9.0.2.3 | |
| oracle | application_server | 9.0.3 | |
| oracle | application_server | 9.0.3.1 | |
| oracle | application_server | 9.2.0.6 | |
| oracle | oracle9i | client_9.2.0.1 | |
| oracle | oracle9i | client_9.2.0.2 | |
| oracle | oracle9i | developer_9.0.4 | |
| oracle | oracle9i | enterprise_9.0.1 | |
| oracle | oracle9i | enterprise_9.0.1.4 | |
| oracle | oracle9i | enterprise_9.0.1.5 | |
| oracle | oracle9i | enterprise_9.0.1.5_fips | |
| oracle | oracle9i | enterprise_9.0.4 | |
| oracle | oracle9i | enterprise_9.2.0 | |
| oracle | oracle9i | enterprise_9.2.0.1 | |
| oracle | oracle9i | enterprise_9.2.0.2 | |
| oracle | oracle9i | enterprise_9.2.0.3 | |
| oracle | oracle9i | enterprise_9.2.0.4 | |
| oracle | oracle9i | enterprise_9.2.0.5 | |
| oracle | oracle9i | enterprise_9.2.0.6 | |
| oracle | oracle9i | personal_9.0.1 | |
| oracle | oracle9i | personal_9.0.1.4 | |
| oracle | oracle9i | personal_9.0.1.5 | |
| oracle | oracle9i | personal_9.0.1.5_fips | |
| oracle | oracle9i | personal_9.0.4 | |
| oracle | oracle9i | personal_9.2 | |
| oracle | oracle9i | personal_9.2.0.1 | |
| oracle | oracle9i | personal_9.2.0.2 | |
| oracle | oracle9i | personal_9.2.0.3 | |
| oracle | oracle9i | personal_9.2.0.4 | |
| oracle | oracle9i | personal_9.2.0.5 | |
| oracle | oracle9i | personal_9.2.0.6 | |
| oracle | oracle9i | standard_9.0 | |
| oracle | oracle9i | standard_9.0.1 | |
| oracle | oracle9i | standard_9.0.1.2 | |
| oracle | oracle9i | standard_9.0.1.3 | |
| oracle | oracle9i | standard_9.0.1.4 | |
| oracle | oracle9i | standard_9.0.1.5 | |
| oracle | oracle9i | standard_9.0.1.5_fips | |
| oracle | oracle9i | standard_9.0.2 | |
| oracle | oracle9i | standard_9.0.4 | |
| oracle | oracle9i | standard_9.2 | |
| oracle | oracle9i | standard_9.2.0.1 | |
| oracle | oracle9i | standard_9.2.0.2 | |
| oracle | oracle9i | standard_9.2.0.3 | |
| oracle | oracle9i | standard_9.2.0.4 | |
| oracle | oracle9i | standard_9.2.0.5 | |
| oracle | oracle9i | standard_9.2.0.6 | |
| oracle | oracle9i | standard_9.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DB37CB05-942B-460C-8F1E-2098A4B5F6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:developer_9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "68AC36E8-211F-4E0B-A486-2511521D9B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5_fips:*:*:*:*:*:*:*",
"matchCriteriaId": "61ECB215-482D-4E47-A1CE-169ADE17812B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E121A29C-C1EB-47F9-B220-5B5C9EFA9A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9B1EAF-ED2D-4B3A-9EB7-5FEB9E6B684C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5_fips:*:*:*:*:*:*:*",
"matchCriteriaId": "0F843A2C-2FC8-44E0-84C0-E20186A979CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "957E3BDA-D69B-4FD8-B72A-E8D7C3AB5833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "50411FCF-8173-458D-B18A-4F7DE7E81A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5_fips:*:*:*:*:*:*:*",
"matchCriteriaId": "015C96B0-1B89-4ECA-B1BB-AEFFC398088C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE456956-255F-4BA6-B830-356512B5D2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E61851FB-AC6F-4E56-8CA8-F8CE97D65364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "99255D3E-41FF-4D2F-A11B-9563997F4110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request."
}
],
"id": "CVE-2005-3204",
"lastModified": "2024-11-21T00:01:21.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-14T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0177.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112870541502542\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/15991/"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/66"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/20054"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.red-database-security.com/advisory/oracle_xmldb_css.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/15034"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0177.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112870541502542\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/15991/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/66"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/20054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.red-database-security.com/advisory/oracle_xmldb_css.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/15034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22541"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-28 05:00
Modified
2024-11-20 23:40
Severity ?
Summary
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | oracle8i | 8.1.5 | |
| oracle | oracle8i | 8.1.5.0.0_enterprise | |
| oracle | oracle8i | 8.1.5.0.2_enterprise | |
| oracle | oracle8i | 8.1.5.1.0_enterprise | |
| oracle | oracle8i | 8.1.6 | |
| oracle | oracle8i | 8.1.6.0.0_enterprise | |
| oracle | oracle8i | 8.1.6.1.0_enterprise | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7.0.0_enterprise | |
| oracle | oracle8i | 8.1.7.1 | |
| oracle | oracle8i | 8.1.7.1.0_enterprise | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 | |
| oracle | oracle9i | 9.0.1.2 | |
| oracle | oracle9i | 9.0.1_3 | |
| oracle | oracle9i | 9.0.2 | |
| oracle | oracle9i | release_2_9.2.1 | |
| oracle | oracle9i | release_2_9.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42AF8B37-C5AA-4B92-A565-214A677C3486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5.0.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "7D6E1F05-FE4C-4657-8C9B-A3719A270B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5.0.2_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DFCB53-E8AC-4EAC-877B-9EBFAF10FEE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5.1.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6E382C-1CBF-481C-9CFA-8EAA3579C269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC58370-C10D-4559-81C8-C67B64EE2502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.6.0.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF058A9-6CB7-4529-B4CE-FAD3E9F875DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.6.1.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "689A1890-747E-4E3D-94CE-5CEF37A64ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.0.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "A42CA4B3-410B-401C-98A7-A20348BAB97B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7D907B-CABC-40ED-8ABD-C4C659550EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1_3:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD638E3-B54A-44E8-A82D-721D6D211D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:release_2_9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A742D865-D856-4E44-8C18-82A40E2D85D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:release_2_9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C190DB-8DA7-4858-A646-A62567AFF689",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command."
},
{
"lang": "es",
"value": "El escuchador TNS en Oracle Net Services de Oracle 9i 9.2.x y 9.0.x, y Oracle 8i 8.1.x, permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue o ca\u00edda) mediante un comando SERVICE_CURLOAD."
}
],
"id": "CVE-2002-1118",
"lastModified": "2024-11-20T23:40:38.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-28T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10283.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10283.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5678"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-07-30 04:00
Modified
2024-11-20 23:51
Severity ?
Summary
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6F28FD-6EAD-4EDD-B9A1-0B120D0F0919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4ED2EB-1E90-4E99-AAD6-5D838800F9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C0160E00-D722-40CE-976C-77CB91C1B94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:3.0.9.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB7896F-B5E6-4182-85F0-11A04A16F961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEBABBB-DC11-4A8B-8C8A-A05D144F11A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5E7916-B077-4EE8-AD9E-FA118019E035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "F03E1EB3-EB24-4A18-9DA1-AB6243C48221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E33A069-8301-4AD5-BDD3-8371DA394EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C87F621-3405-4754-8112-87078CDC2554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC67B4E-CCFE-4ACB-B3FF-7A6133219F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "99255D3E-41FF-4D2F-A11B-9563997F4110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0."
}
],
"id": "CVE-2004-1707",
"lastModified": "2024-11-20T23:51:33.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-07-30T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12205"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10829"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle 10g Database Server, when installed with a password that contains an exclamation point (\"!\") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password."
}
],
"id": "CVE-2004-1367",
"lastModified": "2024-11-20T23:50:42.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382247308064\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382247308064\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-07-21 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle9i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "795F83D5-953C-4BBF-896F-DBDAB813BAE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port."
}
],
"id": "CVE-2001-0513",
"lastModified": "2024-11-20T23:35:32.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-07-21T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/105259"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5600"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/alerts/advise81.php"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/105259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/alerts/advise81.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6717"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-11-03 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server_portal | 3.0.9.8.5 | |
| oracle | application_server_portal | 9.0.2.3 | |
| oracle | application_server_portal | 9.0.2.3a | |
| oracle | application_server_portal | 9.0.2.3b | |
| oracle | oracle9i | 9.0.2 | |
| oracle | oracle9i | 9.0.2.0.0 | |
| oracle | oracle9i | 9.0.2.0.1 | |
| oracle | oracle9i | 9.0.2.1 | |
| oracle | oracle9i | 9.0.2.2 | |
| oracle | oracle9i | 9.0.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:3.0.9.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB7896F-B5E6-4182-85F0-11A04A16F961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEBABBB-DC11-4A8B-8C8A-A05D144F11A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5E7916-B077-4EE8-AD9E-FA118019E035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "F03E1EB3-EB24-4A18-9DA1-AB6243C48221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7598BA-C4F9-46C7-A90D-F80697EA9E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D52D7F1A-7ADF-439B-9FF6-BF0D18CEF3A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BBAA75E1-6ED1-400E-9BBE-1890D7D0FA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D24685E-293E-4292-A7FC-E463723FFA9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1207BD-F50A-4E5E-89E8-E016AF356149",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL."
}
],
"id": "CVE-2003-1193",
"lastModified": "2024-11-20T23:46:34.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/343520"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8966"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/343520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-09-05 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43116210-05B8-4241-9EC3-7697014A69A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF5BE7D-BB10-43E5-8910-626CB6032D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature."
},
{
"lang": "es",
"value": "El servidor SQL*NET para Oracle 9i 9.0.x y 9.2 permite a atacantes remotos causar una denegaci\u00f3n de sevicio (ca\u00edda) mediante ciertas peticiones de depuraci\u00f3n que no son adecuadamente manejadas por la caracter\u00edstica de depuraci\u00f3n"
}
],
"id": "CVE-2002-0856",
"lastModified": "2024-11-20T23:40:02.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-09-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html"
},
{
"source": "cve@mitre.org",
"url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9237.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9237.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5457"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9i_application_server:*:*:*:*:*:*:*",
"matchCriteriaId": "0D51C24E-B1DB-4C48-A2C3-7A75C93E764B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure."
}
],
"id": "CVE-2004-1371",
"lastModified": "2024-11-20T23:50:43.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382570313035\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004J.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382570313035\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004J.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18666"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with \"%FF\" encoded sequences that are improperly converted to \"Y\" characters."
}
],
"id": "CVE-2004-1362",
"lastModified": "2024-11-20T23:50:41.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382306006205\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004G.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382306006205\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004G.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18657"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-07-21 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle9i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "795F83D5-953C-4BBF-896F-DBDAB813BAE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang."
}
],
"id": "CVE-2001-0518",
"lastModified": "2024-11-20T23:35:33.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-07-21T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/alerts.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/alerts.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6716"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://marc.info/?l=bugtraq&m=101301813117562&w=2 | ||
| cve@mitre.org | http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.cert.org/advisories/CA-2002-08.html | US Government Resource | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/193523 | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.nextgenss.com/papers/hpoas.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=101301813117562&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2002-08.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/193523 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.nextgenss.com/papers/hpoas.pdf |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 1.0.2 | |
| oracle | application_server_web_cache | 2.0.0.0 | |
| oracle | application_server_web_cache | 2.0.0.1 | |
| oracle | application_server_web_cache | 2.0.0.2 | |
| oracle | application_server_web_cache | 2.0.0.3 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7.1 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C272DE0-3717-40D0-99A6-2B4108BF85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4959B7CD-218F-47A3-A604-629B69E1905B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6659ECF3-D355-4357-BB15-DAFA427FCD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B34A419-42C2-44FC-84C7-65699BA07120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials."
}
],
"id": "CVE-2002-0564",
"lastModified": "2024-11-20T23:39:22.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/193523"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/193523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-09-05 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8C65AE-EF3B-4B02-B260-B32FB674956D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "795F83D5-953C-4BBF-896F-DBDAB813BAE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges."
},
{
"lang": "es",
"value": "catsnmp en Oracle 9i y 8i se instala con un usario dbsnmp con una contrase\u00f1a por defecto, lo que permite a atacantes realizar operac\u00edones restringidadas en la base de datos y posiblemente ganar otros privilegios."
}
],
"id": "CVE-2002-0858",
"lastModified": "2024-11-20T23:40:02.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-09-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102918005402808\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9932.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102918005402808\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9932.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9476"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521."
},
{
"lang": "es",
"value": "Transparent Network Substrate (TNS) Listener en Oracle 9i 9.0.1.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (satur\u00e1ci\u00f3n de CPU) mediante un paquete TCP malformado al puerto 1521."
}
],
"id": "CVE-2002-0509",
"lastModified": "2024-11-20T23:39:15.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-08-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://online.securityfocus.com/archive/1/264697"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8657.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://online.securityfocus.com/archive/1/264697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8657.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4391"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-18 11:03
Modified
2024-11-21 00:06
Severity ?
Summary
Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | database_server | 8.1.7.4 | |
| oracle | oracle10g | enterprise_10.1.0.4 | |
| oracle | oracle10g | personal_10.1.0.4 | |
| oracle | oracle10g | standard_10.1.0.4 | |
| oracle | oracle8i | enterprise_8.1.7.4 | |
| oracle | oracle8i | standard_8.1.7.4 | |
| oracle | oracle9i | enterprise_9.0.1.5 | |
| oracle | oracle9i | enterprise_9.0.1.5_fips | |
| oracle | oracle9i | standard_9.2.0.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B559C62F-88A7-42D3-9629-9F5CAD43F8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA52C2C2-64C3-40BA-86A1-C4A14BEB8CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B33627F4-3E7D-4181-8171-2B65F8C60E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "41B5ED54-BAF4-41B3-8B09-F9795AB7A18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3E2494-5BAE-425B-8F32-A4D2532B10C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "26FA45BE-C7AB-429C-A0A3-928BEC3E78E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5_fips:*:*:*:*:*:*:*",
"matchCriteriaId": "61ECB215-482D-4E47-A1CE-169ADE17812B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E61851FB-AC6F-4E56-8CA8-F8CE97D65364",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08."
}
],
"id": "CVE-2006-0262",
"lastModified": "2024-11-21T00:06:03.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-18T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18493"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18608"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015499"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\\bin directory."
}
],
"id": "CVE-2004-1364",
"lastModified": "2024-11-20T23:50:42.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382406002365\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004B.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/454861/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382406002365\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004B.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/454861/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18658"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file."
}
],
"id": "CVE-2002-0965",
"lastModified": "2024-11-20T23:40:17.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/276526"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9288.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/630091"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/276526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9288.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/630091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4845"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://marc.info/?l=bugtraq&m=101301813117562&w=2 | ||
| cve@mitre.org | http://www.cert.org/advisories/CA-2002-08.html | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/476619 | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.nextgenss.com/papers/hpoas.pdf | ||
| cve@mitre.org | http://www.securityfocus.com/bid/4290 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=101301813117562&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2002-08.html | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/476619 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.nextgenss.com/papers/hpoas.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4290 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory."
}
],
"id": "CVE-2002-0568",
"lastModified": "2024-11-20T23:39:23.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/476619"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/476619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-16 21:22
Modified
2024-11-21 00:02
Severity ?
Summary
Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | database_server | 7.0.2 | |
| oracle | database_server | 7.0.64 | |
| oracle | database_server | 7.1.3 | |
| oracle | database_server | 7.1.5 | |
| oracle | database_server | 7.3.3 | |
| oracle | database_server | 7.3.4 | |
| oracle | database_server | 8.0.1 | |
| oracle | database_server | 8.0.2 | |
| oracle | database_server | 8.0.3 | |
| oracle | database_server | 8.0.4 | |
| oracle | database_server | 8.0.5 | |
| oracle | database_server | 8.0.5.1 | |
| oracle | database_server | 8.0.6 | |
| oracle | database_server | 8.0.6.3 | |
| oracle | database_server | 8.1.5 | |
| oracle | database_server | 8.1.6 | |
| oracle | database_server | 8.1.7 | |
| oracle | database_server | 8.1.7.4 | |
| oracle | database_server_lite | 5.0 | |
| oracle | database_server_lite | 5.0.1.0.0 | |
| oracle | database_server_lite | 5.0.2.0.0 | |
| oracle | database_server_lite | 5.0.2.9.0 | |
| oracle | oracle10g | enterprise_9.0.4.0 | |
| oracle | oracle10g | enterprise_10.1.0.2 | |
| oracle | oracle10g | enterprise_10.1.0.3 | |
| oracle | oracle10g | enterprise_10.1.0.3.1 | |
| oracle | oracle10g | enterprise_10.1.0.4 | |
| oracle | oracle10g | personal_9.0.4.0 | |
| oracle | oracle10g | personal_10.1.0.2 | |
| oracle | oracle10g | personal_10.1.0.3 | |
| oracle | oracle10g | personal_10.1.0.3.1 | |
| oracle | oracle10g | personal_10.1.0.4 | |
| oracle | oracle10g | standard_9.0.4.0 | |
| oracle | oracle10g | standard_10.1.0.2 | |
| oracle | oracle10g | standard_10.1.0.3 | |
| oracle | oracle10g | standard_10.1.0.3.1 | |
| oracle | oracle10g | standard_10.1.0.4 | |
| oracle | oracle10g | standard_10.1.0.4.2 | |
| oracle | oracle8i | enterprise_8.0.5.0.0 | |
| oracle | oracle8i | enterprise_8.0.6.0.0 | |
| oracle | oracle8i | enterprise_8.0.6.0.1 | |
| oracle | oracle8i | enterprise_8.1.5.0.0 | |
| oracle | oracle8i | enterprise_8.1.5.0.2 | |
| oracle | oracle8i | enterprise_8.1.5.1.0 | |
| oracle | oracle8i | enterprise_8.1.6.0.0 | |
| oracle | oracle8i | enterprise_8.1.6.1.0 | |
| oracle | oracle8i | enterprise_8.1.7.0.0 | |
| oracle | oracle8i | enterprise_8.1.7.1.0 | |
| oracle | oracle8i | enterprise_8.1.7.4 | |
| oracle | oracle8i | standard_8.0.6 | |
| oracle | oracle8i | standard_8.0.6.3 | |
| oracle | oracle8i | standard_8.1.5 | |
| oracle | oracle8i | standard_8.1.6 | |
| oracle | oracle8i | standard_8.1.7 | |
| oracle | oracle8i | standard_8.1.7.0.0 | |
| oracle | oracle8i | standard_8.1.7.1 | |
| oracle | oracle8i | standard_8.1.7.4 | |
| oracle | oracle9i | enterprise_8.1.7 | |
| oracle | oracle9i | enterprise_9.0.1 | |
| oracle | oracle9i | enterprise_9.0.1.4 | |
| oracle | oracle9i | enterprise_9.0.1.5 | |
| oracle | oracle9i | enterprise_9.0.1.5_fips | |
| oracle | oracle9i | enterprise_9.0.2.4 | |
| oracle | oracle9i | enterprise_9.0.4 | |
| oracle | oracle9i | enterprise_9.2.0 | |
| oracle | oracle9i | enterprise_9.2.0.1 | |
| oracle | oracle9i | enterprise_9.2.0.2 | |
| oracle | oracle9i | enterprise_9.2.0.3 | |
| oracle | oracle9i | enterprise_9.2.0.5 | |
| oracle | oracle9i | enterprise_9.2.0.6 | |
| oracle | oracle9i | personal_8.1.7 | |
| oracle | oracle9i | personal_9.0.1 | |
| oracle | oracle9i | personal_9.0.1.4 | |
| oracle | oracle9i | personal_9.0.1.5 | |
| oracle | oracle9i | personal_9.0.1.5_fips | |
| oracle | oracle9i | personal_9.0.2.4 | |
| oracle | oracle9i | personal_9.0.4 | |
| oracle | oracle9i | personal_9.2 | |
| oracle | oracle9i | personal_9.2.0.1 | |
| oracle | oracle9i | personal_9.2.0.2 | |
| oracle | oracle9i | personal_9.2.0.3 | |
| oracle | oracle9i | personal_9.2.0.5 | |
| oracle | oracle9i | personal_9.2.0.6 | |
| oracle | oracle9i | standard_8.1.7 | |
| oracle | oracle9i | standard_9.0 | |
| oracle | oracle9i | standard_9.0.1 | |
| oracle | oracle9i | standard_9.0.1.2 | |
| oracle | oracle9i | standard_9.0.1.3 | |
| oracle | oracle9i | standard_9.0.1.4 | |
| oracle | oracle9i | standard_9.0.1.5 | |
| oracle | oracle9i | standard_9.0.1.5_fips | |
| oracle | oracle9i | standard_9.0.2 | |
| oracle | oracle9i | standard_9.0.2.4 | |
| oracle | oracle9i | standard_9.0.4 | |
| oracle | oracle9i | standard_9.2 | |
| oracle | oracle9i | standard_9.2.0.1 | |
| oracle | oracle9i | standard_9.2.0.2 | |
| oracle | oracle9i | standard_9.2.0.3 | |
| oracle | oracle9i | standard_9.2.0.5 | |
| oracle | oracle9i | standard_9.2.0.6 | |
| oracle | oracle9i | standard_9.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD33B90-AC5F-42B2-9876-F1649D1CB574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:7.0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "68D8FF8C-87B9-47E8-8525-81090D736C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6BB5FC-0E9D-4E94-B358-D95C7E3A7A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E66ABE31-E910-40D3-A570-F06ADDBDE42F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE5CF5D-4649-4E3A-9328-47224065384F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE07BAF7-3A9A-426B-9536-72EAB8984A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3104552F-31AD-4CBE-8F6E-5E410D2F9EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3651861-9C23-4AB1-B795-E44C912B8AB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F232E30-578B-440E-98FE-A52FF171F11E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E7675AD-40A0-4BC5-9823-3AC330EE95CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "92829B90-6F6A-4FAF-85A9-731D4F3212C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC6CED6-002B-4C69-A700-70FE667BAB9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84852A-1153-46A7-9B82-D05F4A6043D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FACC77BE-277F-47F9-B50A-2E9CF5D4A965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB401046-E029-4CD1-A937-E9E70A081BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "453891B9-C354-461F-97FA-330165B92255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED700CB5-6896-41D1-ABEF-98FC159940F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B559C62F-88A7-42D3-9629-9F5CAD43F8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E33A069-8301-4AD5-BDD3-8371DA394EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6093302F-EE5E-4B62-8A23-D5D961C79874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0EB6A60B-69A5-4659-B8DC-9BC8A2ED9CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0.2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAB55DF-D6DE-48EC-9AE3-478E49137339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC89D14C-4E08-475C-953C-D85A9EDFFEC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4E604B-6C0D-474F-A3A9-B07EF0A7D2E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8667E51F-86A9-4181-8FCC-BECC6F50913B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA52C2C2-64C3-40BA-86A1-C4A14BEB8CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9B45B4-47D3-4803-9BDF-783E7CD3A522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2C84E349-48A8-4800-A300-AACEC8659656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "323353FE-7ECD-4668-BDB1-3E5CA8F3F9A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4237F0-BE51-4FCD-9CF1-83E54723390A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B33627F4-3E7D-4181-8171-2B65F8C60E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C4FB153-9C3F-4E22-BB42-D99793D4920F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8975840-9843-4034-BBED-B31A9BA16DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A39665-BB49-4135-9850-8CF9E69546FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2764001-8B54-47AD-A265-0C0B0F691A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "41B5ED54-BAF4-41B3-8B09-F9795AB7A18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2EA2727-2F53-470F-AF58-1B33B7A5B7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18BFD76C-1BB0-4227-AD6E-D6CBC426900B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "390EFE5A-C0D0-4BC0-9B27-3D8D3039A651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C0CBCA0-A0D1-4B0D-ABA5-2DF86294259C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49EB78D7-01BA-4903-A7F7-F12608112E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34DC1C91-85DC-440C-8928-990496D74F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62770611-5C6E-487F-A21D-5BA839466CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7210473-5E57-47A3-ADDE-9E8C4B3121B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2CFD69-2241-4065-8BE2-F654B640EED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73D7AA72-29C3-45FB-87EF-D9AD087774FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52AB4EEE-706E-4CB0-B805-63F514A6073E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3E2494-5BAE-425B-8F32-A4D2532B10C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0C29E8-E7CA-4C96-B32F-695808B99AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA38C05-F2C0-435E-B4CC-4CF2C9733CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BED1AEB7-AD53-463F-86F1-FD66F29672BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "26FA45BE-C7AB-429C-A0A3-928BEC3E78E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5_fips:*:*:*:*:*:*:*",
"matchCriteriaId": "61ECB215-482D-4E47-A1CE-169ADE17812B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B754E-B3FB-4ECA-A166-B3C4AB900573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E121A29C-C1EB-47F9-B220-5B5C9EFA9A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9B1EAF-ED2D-4B3A-9EB7-5FEB9E6B684C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5_fips:*:*:*:*:*:*:*",
"matchCriteriaId": "0F843A2C-2FC8-44E0-84C0-E20186A979CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "62C654BD-6BD7-47C1-9C6D-B488A10ABDC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "957E3BDA-D69B-4FD8-B72A-E8D7C3AB5833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "50411FCF-8173-458D-B18A-4F7DE7E81A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5_fips:*:*:*:*:*:*:*",
"matchCriteriaId": "015C96B0-1B89-4ECA-B1BB-AEFFC398088C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A313CB63-641A-4984-88ED-FBAEB44AE0F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE456956-255F-4BA6-B830-356512B5D2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E61851FB-AC6F-4E56-8CA8-F8CE97D65364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "99255D3E-41FF-4D2F-A11B-9563997F4110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username."
}
],
"id": "CVE-2005-3641",
"lastModified": "2024-11-21T00:02:19.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-16T21:22:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15450"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-04 11:02
Modified
2024-11-21 00:06
Severity ?
Summary
Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:10g_enterprise_manager_grid_control:10.1_.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "916550D9-3EFA-40D6-BB9E-39B07EF745CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:10g_enterprise_manager_grid_control:10.1_.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "187A6276-9004-4D45-B9B5-FFECABC48CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4ED2EB-1E90-4E99-AAD6-5D838800F9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "117EF4D2-3EA8-410E-8721-31C3C41A7B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D809B0B7-70EF-47C5-B91F-923E999CA7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D94B7D50-4527-4C14-8A50-D4C0566F36BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.2.0.0:r2:*:*:*:*:*:*",
"matchCriteriaId": "FE7CAAFD-C15A-4124-933F-C6CCFF35BB06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB8F5AAE-0365-4E01-AB04-CDC6D58B00B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.2.0.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "58B58DAF-FDF2-4A07-97E1-3CDE2A84670E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B4BAA9-D045-4D2B-8220-47F47ED936DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.2.0.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "A4C5E780-C03A-46DB-85A2-2471AF377206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6C4D36-D9D1-4143-94AA-D8E08F23D2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:9.0.4.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "3341ECC8-1E5F-4436-B056-9CA2BAF659E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:10.1.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "1B8347DA-6C8E-4AFB-BBB1-A34F1339F5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:10.1.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "98A6CD5A-A66F-4A07-B4FC-09B71B776CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84852A-1153-46A7-9B82-D05F4A6043D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FACC77BE-277F-47F9-B50A-2E9CF5D4A965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B559C62F-88A7-42D3-9629-9F5CAD43F8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:developer_suite:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "831A8D0C-6ABC-43EB-A762-526ED2620C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:developer_suite:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D276CCCB-3975-496A-B97B-C155BFA7E959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:developer_suite:9.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E85E0292-DF98-4EA4-8DCE-3C94E94A12EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:developer_suite:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94034D25-B0BA-4B4F-89F3-50227D75B8C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B1BE09-4A96-41A3-AA1D-74533F396998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterpriseone:8.95.f1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D118CD-2C73-4AC8-9028-C828262507F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterpriseone:sp23_l1:*:*:*:*:*:*:*",
"matchCriteriaId": "780466DC-6192-4BC0-B1A7-18C70AC4A276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4E604B-6C0D-474F-A3A9-B07EF0A7D2E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA52C2C2-64C3-40BA-86A1-C4A14BEB8CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "323353FE-7ECD-4668-BDB1-3E5CA8F3F9A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B33627F4-3E7D-4181-8171-2B65F8C60E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A39665-BB49-4135-9850-8CF9E69546FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "41B5ED54-BAF4-41B3-8B09-F9795AB7A18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2EA2727-2F53-470F-AF58-1B33B7A5B7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAD20B6-258F-4093-BEE0-99F11D61A61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B900301-8AC5-43BD-BD2B-639419885820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3E2494-5BAE-425B-8F32-A4D2532B10C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0C29E8-E7CA-4C96-B32F-695808B99AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "26FA45BE-C7AB-429C-A0A3-928BEC3E78E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5_fips:*:*:*:*:*:*:*",
"matchCriteriaId": "61ECB215-482D-4E47-A1CE-169ADE17812B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E61851FB-AC6F-4E56-8CA8-F8CE97D65364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "397FC5F3-27E7-4BD7-9348-E671640327FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_portal:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1146E890-0911-4BFB-A1C2-6E158C8EA0A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_portal:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B19179B0-0048-43D8-B632-66B4788AB1FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_portal:8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "98E19B32-0C02-4E53-AAD4-B95FB6CA7D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:workflow:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD884F9-1511-4221-A1C7-3B18076222A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:workflow:11.5.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C6DF37-B648-445C-B17A-D232B35DD639",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11."
}
],
"id": "CVE-2006-0552",
"lastModified": "2024-11-21T00:06:43.807",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-02-04T11:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/18493"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18608"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015499"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22549"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/18493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 1.0.2 | |
| oracle | application_server_web_cache | 2.0.0.0 | |
| oracle | application_server_web_cache | 2.0.0.1 | |
| oracle | application_server_web_cache | 2.0.0.2 | |
| oracle | application_server_web_cache | 2.0.0.3 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7.1 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C272DE0-3717-40D0-99A6-2B4108BF85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4959B7CD-218F-47A3-A604-629B69E1905B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6659ECF3-D355-4357-BB15-DAFA427FCD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B34A419-42C2-44FC-84C7-65699BA07120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name."
}
],
"id": "CVE-2002-0559",
"lastModified": "2024-11-20T23:39:21.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://online.securityfocus.com/archive/1/254426"
},
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/313280"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/659043"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/750299"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/878603"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/923395"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4032"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8095"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8096"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8097"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://online.securityfocus.com/archive/1/254426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/313280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/659043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/750299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/878603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/923395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8098"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory."
}
],
"id": "CVE-2004-1369",
"lastModified": "2024-11-20T23:50:42.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382524401468\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004F.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382524401468\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004F.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18664"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 1.0.2 | |
| oracle | application_server_web_cache | 2.0.0.0 | |
| oracle | application_server_web_cache | 2.0.0.1 | |
| oracle | application_server_web_cache | 2.0.0.2 | |
| oracle | application_server_web_cache | 2.0.0.3 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7_.1 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C272DE0-3717-40D0-99A6-2B4108BF85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4959B7CD-218F-47A3-A604-629B69E1905B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6659ECF3-D355-4357-BB15-DAFA427FCD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B34A419-42C2-44FC-84C7-65699BA07120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11D27BB6-DFA0-4CB7-B546-0E00C096BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes."
}
],
"id": "CVE-2002-0563",
"lastModified": "2024-11-20T23:39:22.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1009167"
},
{
"source": "cve@mitre.org",
"url": "http://www.appsecinc.com/Policy/PolicyCheck7024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/168795"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/13152"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/705"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4293"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1009167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.appsecinc.com/Policy/PolicyCheck7024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/168795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/13152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8455"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84852A-1153-46A7-9B82-D05F4A6043D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43116210-05B8-4241-9EC3-7697014A69A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359418-31C5-4FCA-AA93-83AF15D3199A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF5BE7D-BB10-43E5-8910-626CB6032D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function."
}
],
"id": "CVE-2003-0096",
"lastModified": "2024-11-20T23:43:56.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104549743326864\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104549782327321\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104550346303295\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/11325.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/11326.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11327.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/663786"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/743954"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/840666"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/advisories/ora-bfilebo.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6847"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6848"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104549743326864\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104549782327321\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104550346303295\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/11325.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/11326.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11327.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/663786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/743954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/840666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/advisories/ora-bfilebo.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6850"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-11 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "28EC1F94-04F3-490A-8324-1EB60EEBAD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30D94958-0D13-4076-B6F0-61D505136789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B22DA22E-54DA-46CF-B3AE-4B0900D8086A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F496A-5D57-448F-A46F-E15F06CBFD01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "89B58983-633F-4D20-80AE-8E7EB865CF83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "19C8989C-D8A6-4AE9-99B6-F2DAE5999EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6EE0E2-D608-4E72-A0E5-F407511405C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "33FD6791-3B84-40CA-BCF4-B5637B172F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDD2F69-CFD4-4DEA-B43A-1337EEFA95A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0A80B17D-FD66-40BD-9ADC-FE7A3944A696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "713ADED4-CBE5-40C3-A128-99CFABF24560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "70FA0B8E-1A90-4939-871A-38B9E93BCCC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "83BDEAE5-29B9-48E3-93FA-F30832044C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A2720E06-1B0E-4BFE-8C85-A17E597BB151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE1DECF-36C7-4968-8B7A-7A2034C2A957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B67BD173-8517-4E97-BC65-D9657C63601A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B392A96F-FD2F-4073-8EED-EB31E1F20FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E130104B-86F5-411E-8AC0-9B4B780BCA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "163A6EF6-7D3F-4B1F-9E03-A8C86562CC3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "EB477AFB-EA39-4892-B772-586CF6D2D235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "B35906CD-038E-4243-8A95-F0A3A43F06F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "B940BB85-03F5-46D7-8DC9-2E1E228D3D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "82139FFA-2779-4732-AFA5-4E6E19775899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F717E6-BACD-4C8A-A9C5-516ADA6FEE6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "08AB120B-2FEC-4EB3-9777-135D81E809AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "1C7FF669-12E0-4A73-BBA7-250D109148C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB7B1F1-7202-445D-9F96-135DC0AFB1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB7EE53-187E-40A9-9865-0F3EDA2B5A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "9D06AE8A-9BA8-4AA8-ACEA-326CD001E879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6F28FD-6EAD-4EDD-B9A1-0B120D0F0919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4ED2EB-1E90-4E99-AAD6-5D838800F9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "0C57D5C2-EEFC-432B-BAF6-57984578186C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED700CB5-6896-41D1-ABEF-98FC159940F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43116210-05B8-4241-9EC3-7697014A69A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359418-31C5-4FCA-AA93-83AF15D3199A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7_.0.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "BCA4CCED-0943-4212-BAC9-23BF51208A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7_.1.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "744F8147-0857-4E9F-BCA4-D24A06F82B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF5BE7D-BB10-43E5-8910-626CB6032D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157."
},
{
"lang": "es",
"value": "Vulnerabilidad de comandos en sitios cruzados (cross-site scripting, XSS) en la p\u00e1gina de error por defecto en Apache 2.0 antes de 2.0.43, y en 1.3.x hasta 1.3.26, cuando el par\u00e1metro UseCanonicalName est\u00e1 desactivado, y est\u00e1 presente el soporte para comodines DNS, permite a atacantes ejecutar comandos como otro visitante de la p\u00e1gina mediante la cabecera Host:"
}
],
"id": "CVE-2002-0840",
"lastModified": "2024-11-20T23:39:59.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-11T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103357160425708\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103376585508776\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/240329"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/862"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-222.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-251.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-106.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5847"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10241"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103357160425708\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103376585508776\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/240329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-222.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-251.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-106.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Fixed in Apache HTTP Server 2.0.43 and 1.3.27:\nhttp://httpd.apache.org/security/vulnerabilities_20.html\nhttp://httpd.apache.org/security/vulnerabilities_13.html",
"lastModified": "2008-07-02T00:00:00",
"organization": "Apache"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-11-12 05:00
Modified
2024-11-20 23:40
Severity ?
Summary
Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF5BE7D-BB10-43E5-8910-626CB6032D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:release_2_9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A742D865-D856-4E44-8C18-82A40E2D85D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:release_2_9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C190DB-8DA7-4858-A646-A62567AFF689",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la aplicaci\u00f3n web Oracle iSQL*Plus del servidor de bases de datos Oracle 9 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un par\u00e1metro de ID de usuario largo en la URL isqlplus"
}
],
"id": "CVE-2002-1264",
"lastModified": "2024-11-20T23:40:55.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-11-12T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103643298712284\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10524.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/4013"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103643298712284\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10524.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/4013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6085"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2024-11-20 23:45
Severity ?
Summary
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | oracle8i | enterprise_8.1.5_.0.0 | |
| oracle | oracle8i | enterprise_8.1.5_.0.2 | |
| oracle | oracle8i | enterprise_8.1.5_.1.0 | |
| oracle | oracle8i | enterprise_8.1.6_.0.0 | |
| oracle | oracle8i | enterprise_8.1.6_.1.0 | |
| oracle | oracle8i | enterprise_8.1.7_.0.0 | |
| oracle | oracle8i | enterprise_8.1.7_.1.0 | |
| oracle | oracle8i | standard_8.1.5 | |
| oracle | oracle8i | standard_8.1.6 | |
| oracle | oracle8i | standard_8.1.7 | |
| oracle | oracle8i | standard_8.1.7_.0.0 | |
| oracle | oracle8i | standard_8.1.7_.1 | |
| oracle | oracle8i | standard_8.1.7_.4 | |
| oracle | oracle9i | client_9.2.0.1 | |
| oracle | oracle9i | client_9.2.0.2 | |
| oracle | oracle9i | enterprise_9.0.1 | |
| oracle | oracle9i | enterprise_9.2.0.1 | |
| oracle | oracle9i | enterprise_9.2.0.2 | |
| oracle | oracle9i | personal_9.0.1 | |
| oracle | oracle9i | personal_9.2.0.1 | |
| oracle | oracle9i | personal_9.2.0.2 | |
| oracle | oracle9i | standard_9.0 | |
| oracle | oracle9i | standard_9.0.1 | |
| oracle | oracle9i | standard_9.0.1.2 | |
| oracle | oracle9i | standard_9.0.1.3 | |
| oracle | oracle9i | standard_9.0.1.4 | |
| oracle | oracle9i | standard_9.0.2 | |
| oracle | oracle9i | standard_9.2.0.1 | |
| oracle | oracle9i | standard_9.2.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en la pila en EXTPROC de Oracle 9i Database Release 2 y 1, y Oracle 8i, permite a usuarios autenticados de la base de datos, posiblemente s\u00f3lo aquellos con privilegios CREATE LIBRARY o CREATE ANY LIBRARY, ejecutar c\u00f3digo arbitrario mediante un nombre de librer\u00eda largo."
}
],
"id": "CVE-2003-0634",
"lastModified": "2024-11-20T23:45:11.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-08-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105914979629857\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105916455814904\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=ntbugtraq\u0026m=105915485303327\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/936868"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8267"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105914979629857\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105916455814904\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=ntbugtraq\u0026m=105915485303327\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/936868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12721"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-18 11:03
Modified
2024-11-21 00:06
Severity ?
Summary
Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B559C62F-88A7-42D3-9629-9F5CAD43F8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA52C2C2-64C3-40BA-86A1-C4A14BEB8CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B33627F4-3E7D-4181-8171-2B65F8C60E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "41B5ED54-BAF4-41B3-8B09-F9795AB7A18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3E2494-5BAE-425B-8F32-A4D2532B10C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "26FA45BE-C7AB-429C-A0A3-928BEC3E78E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "397FC5F3-27E7-4BD7-9348-E671640327FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Upgrade \u0026 Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions."
}
],
"id": "CVE-2006-0271",
"lastModified": "2024-11-21T00:06:04.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-18T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18493"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18608"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015499"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22566"
},
{
"source": "cve@mitre.org",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 1.0.2 | |
| oracle | application_server_web_cache | 2.0.0.0 | |
| oracle | application_server_web_cache | 2.0.0.1 | |
| oracle | application_server_web_cache | 2.0.0.2 | |
| oracle | application_server_web_cache | 2.0.0.3 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7.1 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C272DE0-3717-40D0-99A6-2B4108BF85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4959B7CD-218F-47A3-A604-629B69E1905B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6659ECF3-D355-4357-BB15-DAFA427FCD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B34A419-42C2-44FC-84C7-65699BA07120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns."
}
],
"id": "CVE-2002-0560",
"lastModified": "2024-11-20T23:39:22.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/307835"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/307835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4294"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | oracle9i | enterprise_9.0.1 | |
| oracle | oracle9i | enterprise_9.2.0.4 | |
| oracle | oracle9i | personal_9.0.1 | |
| oracle | oracle9i | personal_9.2.0.4 | |
| oracle | oracle9i | standard_9.0 | |
| oracle | oracle9i | standard_9.0.1 | |
| oracle | oracle9i | standard_9.0.1.2 | |
| oracle | oracle9i | standard_9.0.1.3 | |
| oracle | oracle9i | standard_9.0.1.4 | |
| oracle | oracle9i | standard_9.0.2 | |
| oracle | oracle9i | standard_9.2.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en oracle y oracleO en Oracle 9i Database 9.0.x y 9.2.x anteriores a 9.2.0.4 permite a usuarios locales ejecutar c\u00f3digo arbitrario mediante un argumento de l\u00ednea de comandos muy grande."
}
],
"id": "CVE-2003-0894",
"lastModified": "2024-11-20T23:45:44.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1007956"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/496340"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/8844"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/8845"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1007956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/496340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/8844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/8845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13451"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-18 11:03
Modified
2024-11-21 00:06
Severity ?
Summary
Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA52C2C2-64C3-40BA-86A1-C4A14BEB8CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B33627F4-3E7D-4181-8171-2B65F8C60E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "41B5ED54-BAF4-41B3-8B09-F9795AB7A18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "397FC5F3-27E7-4BD7-9348-E671640327FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS."
}
],
"id": "CVE-2006-0272",
"lastModified": "2024-11-21T00:06:04.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-18T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0893.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18493"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18608"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015499"
},
{
"source": "cve@mitre.org",
"url": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/891644"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-018A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0893.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/891644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-018A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24376"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 1.0.2 | |
| oracle | application_server_web_cache | 2.0.0.0 | |
| oracle | application_server_web_cache | 2.0.0.1 | |
| oracle | application_server_web_cache | 2.0.0.2 | |
| oracle | application_server_web_cache | 2.0.0.3 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C272DE0-3717-40D0-99A6-2B4108BF85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4959B7CD-218F-47A3-A604-629B69E1905B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6659ECF3-D355-4357-BB15-DAFA427FCD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B34A419-42C2-44FC-84C7-65699BA07120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages."
}
],
"id": "CVE-2002-0565",
"lastModified": "2024-11-20T23:39:22.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/547459"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4034"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/547459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8100"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2004-1338
Vulnerability from cvelistv5
Published
2005-01-06 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=110382230614420&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.ngssoftware.com/advisories/oracle23122004I.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18655 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041223 Oracle Trigger Abuse (#NISR2122004I)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382230614420\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004I.txt"
},
{
"name": "oracle-triggers-gain-privileges(18655)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18655"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041223 Oracle Trigger Abuse (#NISR2122004I)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382230614420\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004I.txt"
},
{
"name": "oracle-triggers-gain-privileges(18655)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18655"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041223 Oracle Trigger Abuse (#NISR2122004I)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382230614420\u0026w=2"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004I.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004I.txt"
},
{
"name": "oracle-triggers-gain-privileges(18655)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18655"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1338",
"datePublished": "2005-01-06T05:00:00",
"dateReserved": "2005-01-06T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1705
Vulnerability from cvelistv5
Published
2006-04-11 10:00
Modified
2024-08-07 17:19
Severity ?
EPSS score ?
Summary
Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044990.html | mailing-list, x_refsource_FULLDISC | |
| http://www.kb.cert.org/vuls/id/805737 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25696 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/19574 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1015886 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/1297 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/17426 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/430434/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:49.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044990.html"
},
{
"name": "VU#805737",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/805737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html"
},
{
"name": "oracle-base-table-data-manipulation(25696)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25696"
},
{
"name": "19574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19574"
},
{
"name": "1015886",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015886"
},
{
"name": "ADV-2006-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1297"
},
{
"name": "17426",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17426"
},
{
"name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430434/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with \"SELECT\" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044990.html"
},
{
"name": "VU#805737",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/805737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html"
},
{
"name": "oracle-base-table-data-manipulation(25696)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25696"
},
{
"name": "19574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19574"
},
{
"name": "1015886",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015886"
},
{
"name": "ADV-2006-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1297"
},
{
"name": "17426",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17426"
},
{
"name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430434/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with \"SELECT\" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044990.html"
},
{
"name": "VU#805737",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/805737"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html"
},
{
"name": "oracle-base-table-data-manipulation(25696)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25696"
},
{
"name": "19574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19574"
},
{
"name": "1015886",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015886"
},
{
"name": "ADV-2006-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1297"
},
{
"name": "17426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17426"
},
{
"name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430434/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1705",
"datePublished": "2006-04-11T10:00:00",
"dateReserved": "2006-04-10T00:00:00",
"dateUpdated": "2024-08-07T17:19:49.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0272
Vulnerability from cvelistv5
Published
2006-01-18 11:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:34.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf"
},
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"name": "20060126 [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0893.html"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "TA06-018A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-018A.html"
},
{
"name": "VU#545804",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18608"
},
{
"name": "VU#891644",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/891644"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt"
},
{
"name": "oracle-xdbdbmx-xmlschema-bo(24376)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24376"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf"
},
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"name": "20060126 [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0893.html"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "TA06-018A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-018A.html"
},
{
"name": "VU#545804",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18608"
},
{
"name": "VU#891644",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/891644"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt"
},
{
"name": "oracle-xdbdbmx-xmlschema-bo(24376)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24376"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf",
"refsource": "MISC",
"url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf"
},
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"name": "20060126 [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0893.html"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "TA06-018A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-018A.html"
},
{
"name": "VU#545804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
},
{
"name": "VU#891644",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/891644"
},
{
"name": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt",
"refsource": "MISC",
"url": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt"
},
{
"name": "oracle-xdbdbmx-xmlschema-bo(24376)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24376"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0272",
"datePublished": "2006-01-18T11:00:00",
"dateReserved": "2006-01-18T00:00:00",
"dateUpdated": "2024-08-07T16:25:34.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3204
Vulnerability from cvelistv5
Published
2005-10-14 04:00
Modified
2024-08-07 23:01
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/66 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/15034 | vdb-entry, x_refsource_BID | |
| http://www.red-database-security.com/advisory/oracle_xmldb_css.html | x_refsource_MISC | |
| http://secunia.com/advisories/15991/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html | x_refsource_MISC | |
| http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0177.html | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/22541 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=112870541502542&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/20054 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:58.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/66"
},
{
"name": "15034",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15034"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/oracle_xmldb_css.html"
},
{
"name": "15991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15991/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
},
{
"name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0177.html"
},
{
"name": "oracle-xmldb-xss(22541)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22541"
},
{
"name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112870541502542\u0026w=2"
},
{
"name": "20054",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/66"
},
{
"name": "15034",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15034"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/oracle_xmldb_css.html"
},
{
"name": "15991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15991/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
},
{
"name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0177.html"
},
{
"name": "oracle-xmldb-xss(22541)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22541"
},
{
"name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112870541502542\u0026w=2"
},
{
"name": "20054",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20054"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/66"
},
{
"name": "15034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15034"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_xmldb_css.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_xmldb_css.html"
},
{
"name": "15991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15991/"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
},
{
"name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0177.html"
},
{
"name": "oracle-xmldb-xss(22541)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22541"
},
{
"name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112870541502542\u0026w=2"
},
{
"name": "20054",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20054"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3204",
"datePublished": "2005-10-14T04:00:00",
"dateReserved": "2005-10-14T00:00:00",
"dateUpdated": "2024-08-07T23:01:58.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0894
Vulnerability from cvelistv5
Published
2003-10-25 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/8844 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/8845 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/496340 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13451 | vdb-entry, x_refsource_XF | |
| http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1007956 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8844",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8844"
},
{
"name": "8845",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8845"
},
{
"name": "VU#496340",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/496340"
},
{
"name": "oracle-oracleo-binaries-bo(13451)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13451"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf"
},
{
"name": "1007956",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1007956"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8844",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8844"
},
{
"name": "8845",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8845"
},
{
"name": "VU#496340",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/496340"
},
{
"name": "oracle-oracleo-binaries-bo(13451)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13451"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf"
},
{
"name": "1007956",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1007956"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8844"
},
{
"name": "8845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8845"
},
{
"name": "VU#496340",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/496340"
},
{
"name": "oracle-oracleo-binaries-bo(13451)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13451"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf"
},
{
"name": "1007956",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007956"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0894",
"datePublished": "2003-10-25T04:00:00",
"dateReserved": "2003-10-24T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1208
Vulnerability from cvelistv5
Published
2005-05-19 04:00
Modified
2024-08-08 02:19
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:46.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-multiple-function-bo(15060)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15060"
},
{
"name": "VU#399806",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/399806"
},
{
"name": "3840",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3840"
},
{
"name": "O-093",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-093.shtml"
},
{
"name": "10805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10805"
},
{
"name": "VU#819126",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/819126"
},
{
"name": "3838",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3838"
},
{
"name": "VU#240174",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/240174"
},
{
"name": "20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html"
},
{
"name": "9587",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9587"
},
{
"name": "3839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3839"
},
{
"name": "VU#846582",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/846582"
},
{
"name": "3837",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3837"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/ora_from_tz.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/ora_time_zone.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-multiple-function-bo(15060)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15060"
},
{
"name": "VU#399806",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/399806"
},
{
"name": "3840",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3840"
},
{
"name": "O-093",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-093.shtml"
},
{
"name": "10805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10805"
},
{
"name": "VU#819126",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/819126"
},
{
"name": "3838",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3838"
},
{
"name": "VU#240174",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/240174"
},
{
"name": "20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html"
},
{
"name": "9587",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9587"
},
{
"name": "3839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3839"
},
{
"name": "VU#846582",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/846582"
},
{
"name": "3837",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3837"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/ora_from_tz.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/ora_time_zone.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-multiple-function-bo(15060)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15060"
},
{
"name": "VU#399806",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/399806"
},
{
"name": "3840",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3840"
},
{
"name": "O-093",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-093.shtml"
},
{
"name": "10805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10805"
},
{
"name": "VU#819126",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/819126"
},
{
"name": "3838",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3838"
},
{
"name": "VU#240174",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/240174"
},
{
"name": "20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html"
},
{
"name": "9587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9587"
},
{
"name": "3839",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3839"
},
{
"name": "VU#846582",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/846582"
},
{
"name": "3837",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3837"
},
{
"name": "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt"
},
{
"name": "http://www.nextgenss.com/advisories/ora_from_tz.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/ora_from_tz.txt"
},
{
"name": "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt"
},
{
"name": "http://www.nextgenss.com/advisories/ora_time_zone.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/ora_time_zone.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1208",
"datePublished": "2005-05-19T04:00:00",
"dateReserved": "2005-05-19T00:00:00",
"dateUpdated": "2024-08-08T02:19:46.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1118
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf | x_refsource_CONFIRM | |
| http://www.iss.net/security_center/static/10283.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5678 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html | mailing-list, x_refsource_VULNWATCH |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf"
},
{
"name": "oracle-net-services-dos(10283)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10283.php"
},
{
"name": "5678",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5678"
},
{
"name": "20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf"
},
{
"name": "oracle-net-services-dos(10283)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10283.php"
},
{
"name": "5678",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5678"
},
{
"name": "20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf"
},
{
"name": "oracle-net-services-dos(10283)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10283.php"
},
{
"name": "5678",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5678"
},
{
"name": "20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1118",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-09T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0513
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:21
Severity ?
EPSS score ?
Summary
Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6717 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/105259 | third-party-advisory, x_refsource_CERT-VN | |
| http://xforce.iss.net/alerts/advise81.php | third-party-advisory, x_refsource_ISS | |
| http://www.osvdb.org/5600 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-listener-redirect-dos(6717)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6717"
},
{
"name": "VU#105259",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/105259"
},
{
"name": "20010619 Oracle Redirect Denial of Service",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/alerts/advise81.php"
},
{
"name": "5600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-listener-redirect-dos(6717)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6717"
},
{
"name": "VU#105259",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/105259"
},
{
"name": "20010619 Oracle Redirect Denial of Service",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/alerts/advise81.php"
},
{
"name": "5600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-listener-redirect-dos(6717)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6717"
},
{
"name": "VU#105259",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/105259"
},
{
"name": "20010619 Oracle Redirect Denial of Service",
"refsource": "ISS",
"url": "http://xforce.iss.net/alerts/advise81.php"
},
{
"name": "5600",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0513",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-06-13T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0858
Vulnerability from cvelistv5
Published
2002-08-20 04:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=102918005402808&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/9932.php | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/9476 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:49.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020812 Vulnerability in Oracle",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102918005402808\u0026w=2"
},
{
"name": "oracle-catsnmp-default-account(9932)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9932.php"
},
{
"name": "9476",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020812 Vulnerability in Oracle",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102918005402808\u0026w=2"
},
{
"name": "oracle-catsnmp-default-account(9932)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9932.php"
},
{
"name": "9476",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9476"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020812 Vulnerability in Oracle",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102918005402808\u0026w=2"
},
{
"name": "oracle-catsnmp-default-account(9932)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9932.php"
},
{
"name": "9476",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9476"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0858",
"datePublished": "2002-08-20T04:00:00",
"dateReserved": "2002-08-15T00:00:00",
"dateUpdated": "2024-08-08T03:03:49.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1362
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18657 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/435974 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://www.ngssoftware.com/advisories/oracle23122004G.txt | x_refsource_MISC | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=110382306006205&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-character-conversion-gain-privileges(18657)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18657"
},
{
"name": "VU#435974",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004G.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "20041223 Oracle Character Conversion Bugs (#NISR2122004G)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382306006205\u0026w=2"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with \"%FF\" encoded sequences that are improperly converted to \"Y\" characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-character-conversion-gain-privileges(18657)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18657"
},
{
"name": "VU#435974",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004G.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "20041223 Oracle Character Conversion Bugs (#NISR2122004G)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382306006205\u0026w=2"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with \"%FF\" encoded sequences that are improperly converted to \"Y\" characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-character-conversion-gain-privileges(18657)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18657"
},
{
"name": "VU#435974",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004G.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004G.txt"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "20041223 Oracle Character Conversion Bugs (#NISR2122004G)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382306006205\u0026w=2"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1362",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0571
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ciac.org/ciac/bulletins/m-071.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| http://archives.neohapsis.com/archives/bugtraq/2002-04/0175.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/8855.php | vdb-entry, x_refsource_XF | |
| http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/4523 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/5236 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "M-071",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/m-071.shtml"
},
{
"name": "20020416 ansi outer join syntax in Oracle allows access to any data",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0175.html"
},
{
"name": "oracle-ansi-sql-bypass-acl(8855)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8855.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf"
},
{
"name": "4523",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4523"
},
{
"name": "5236",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5236"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "M-071",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/m-071.shtml"
},
{
"name": "20020416 ansi outer join syntax in Oracle allows access to any data",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0175.html"
},
{
"name": "oracle-ansi-sql-bypass-acl(8855)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8855.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf"
},
{
"name": "4523",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4523"
},
{
"name": "5236",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5236"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "M-071",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/m-071.shtml"
},
{
"name": "20020416 ansi outer join syntax in Oracle allows access to any data",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0175.html"
},
{
"name": "oracle-ansi-sql-bypass-acl(8855)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8855.php"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf"
},
{
"name": "4523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4523"
},
{
"name": "5236",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5236"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0571",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-06-11T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0262
Vulnerability from cvelistv5
Published
2006-01-18 11:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24321 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/18493 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/0323 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/16287 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/545804 | third-party-advisory, x_refsource_CERT-VN | |
| http://securitytracker.com/id?1015499 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/0243 | vdb-entry, x_refsource_VUPEN | |
| http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/18608 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:34.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18608"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18608"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0262",
"datePublished": "2006-01-18T11:00:00",
"dateReserved": "2006-01-18T00:00:00",
"dateUpdated": "2024-08-07T16:25:34.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0567
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://marc.info/?l=bugtraq&m=101301332402079&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/4033 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/8089 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/180147 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "20020206 Remote Compromise in Oracle 9i Database Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301332402079\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf"
},
{
"name": "4033",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4033"
},
{
"name": "oracle-plsql-remote-access(8089)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8089"
},
{
"name": "VU#180147",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/180147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "20020206 Remote Compromise in Oracle 9i Database Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301332402079\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf"
},
{
"name": "4033",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4033"
},
{
"name": "oracle-plsql-remote-access(8089)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8089"
},
{
"name": "VU#180147",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/180147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "20020206 Remote Compromise in Oracle 9i Database Server",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101301332402079\u0026w=2"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf"
},
{
"name": "4033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4033"
},
{
"name": "oracle-plsql-remote-access(8089)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8089"
},
{
"name": "VU#180147",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/180147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0567",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0568
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101301813117562&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/4290 | vdb-entry, x_refsource_BID | |
| http://www.nextgenss.com/papers/hpoas.pdf | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/476619 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "4290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "VU#476619",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/476619"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "4290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "VU#476619",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/476619"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "4290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4290"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "VU#476619",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/476619"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0568",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0095
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cert.org/advisories/CA-2003-05.html | third-party-advisory, x_refsource_CERT | |
| http://www.ciac.org/ciac/bulletins/n-046.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| http://www.securityfocus.com/bid/6849 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=104549693426042&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf | x_refsource_CONFIRM | |
| http://www.iss.net/security_center/static/11328.php | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/6319 | vdb-entry, x_refsource_OSVDB | |
| http://www.kb.cert.org/vuls/id/953746 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2003-05",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"name": "N-046",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"name": "6849",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6849"
},
{
"name": "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104549693426042\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf"
},
{
"name": "oracle-username-bo(11328)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11328.php"
},
{
"name": "6319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6319"
},
{
"name": "VU#953746",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/953746"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2003-05",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"name": "N-046",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"name": "6849",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6849"
},
{
"name": "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104549693426042\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf"
},
{
"name": "oracle-username-bo(11328)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11328.php"
},
{
"name": "6319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6319"
},
{
"name": "VU#953746",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/953746"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2003-05",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"name": "N-046",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"name": "6849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6849"
},
{
"name": "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104549693426042\u0026w=2"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf"
},
{
"name": "oracle-username-bo(11328)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11328.php"
},
{
"name": "6319",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6319"
},
{
"name": "VU#953746",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/953746"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0095",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-02-18T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0634
Vulnerability from cvelistv5
Published
2003-08-02 04:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=105916455814904&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/8267 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/12721 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html | mailing-list, x_refsource_VULNWATCH | |
| http://marc.info/?l=ntbugtraq&m=105915485303327&w=2 | mailing-list, x_refsource_NTBUGTRAQ | |
| http://www.kb.cert.org/vuls/id/936868 | third-party-advisory, x_refsource_CERT-VN | |
| http://marc.info/?l=bugtraq&m=105914979629857&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:11.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf"
},
{
"name": "20030725 question about oracle advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105916455814904\u0026w=2"
},
{
"name": "8267",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8267"
},
{
"name": "oracle-extproc-bo(12721)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12721"
},
{
"name": "20030912 Update to the Oracle EXTPROC advisory",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html"
},
{
"name": "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=105915485303327\u0026w=2"
},
{
"name": "VU#936868",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/936868"
},
{
"name": "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105914979629857\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf"
},
{
"name": "20030725 question about oracle advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105916455814904\u0026w=2"
},
{
"name": "8267",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8267"
},
{
"name": "oracle-extproc-bo(12721)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12721"
},
{
"name": "20030912 Update to the Oracle EXTPROC advisory",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html"
},
{
"name": "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=105915485303327\u0026w=2"
},
{
"name": "VU#936868",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/936868"
},
{
"name": "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105914979629857\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf"
},
{
"name": "20030725 question about oracle advisory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105916455814904\u0026w=2"
},
{
"name": "8267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8267"
},
{
"name": "oracle-extproc-bo(12721)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12721"
},
{
"name": "20030912 Update to the Oracle EXTPROC advisory",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html"
},
{
"name": "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq\u0026m=105915485303327\u0026w=2"
},
{
"name": "VU#936868",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/936868"
},
{
"name": "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105914979629857\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0634",
"datePublished": "2003-08-02T04:00:00",
"dateReserved": "2003-08-01T00:00:00",
"dateUpdated": "2024-08-08T01:58:11.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0566
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/4037 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/805915 | third-party-advisory, x_refsource_CERT-VN | |
| http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/8099 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "4037",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4037"
},
{
"name": "VU#805915",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/805915"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "oracle-appserver-plsql-pls-dos(8099)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8099"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "4037",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4037"
},
{
"name": "VU#805915",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/805915"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "oracle-appserver-plsql-pls-dos(8099)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8099"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "4037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4037"
},
{
"name": "VU#805915",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/805915"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "oracle-appserver-plsql-pls-dos(8099)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8099"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0566",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1370
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ngssoftware.com/advisories/oracle23122004H.txt | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=110382596129607&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18665 | vdb-entry, x_refsource_XF | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004H.txt"
},
{
"name": "20041223 Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382596129607\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "oracle-procedure-sql-injection(18665)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18665"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004H.txt"
},
{
"name": "20041223 Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382596129607\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "oracle-procedure-sql-injection(18665)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18665"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004H.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004H.txt"
},
{
"name": "20041223 Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382596129607\u0026w=2"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "oracle-procedure-sql-injection(18665)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18665"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1370",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1368
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18656 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=110382264415387&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.ngssoftware.com/advisories/oracle23122004E.txt | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/435974 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-isqlplus-file-access(18656)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656"
},
{
"name": "20041223 Oracle ISQLPlus file access vulnerability (#NISR2122004E)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382264415387\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004E.txt"
},
{
"name": "VU#435974",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-isqlplus-file-access(18656)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656"
},
{
"name": "20041223 Oracle ISQLPlus file access vulnerability (#NISR2122004E)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382264415387\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004E.txt"
},
{
"name": "VU#435974",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-isqlplus-file-access(18656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656"
},
{
"name": "20041223 Oracle ISQLPlus file access vulnerability (#NISR2122004E)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382264415387\u0026w=2"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004E.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004E.txt"
},
{
"name": "VU#435974",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1368",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0096
Vulnerability from cvelistv5
Published
2003-02-21 05:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt"
},
{
"name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html"
},
{
"name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html"
},
{
"name": "VU#743954",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/743954"
},
{
"name": "6850",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6850"
},
{
"name": "20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104549743326864\u0026w=2"
},
{
"name": "oracle-bfilename-directory-bo(11325)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11325.php"
},
{
"name": "VU#840666",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/840666"
},
{
"name": "CA-2003-05",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf"
},
{
"name": "N-046",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"name": "oracle-totimestamptz-bo(11327)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11327.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/ora-bfilebo.txt"
},
{
"name": "6847",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6847"
},
{
"name": "oracle-tzoffset-bo(11326)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11326.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt"
},
{
"name": "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html"
},
{
"name": "6848",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6848"
},
{
"name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104550346303295\u0026w=2"
},
{
"name": "VU#663786",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/663786"
},
{
"name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104549782327321\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-17T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt"
},
{
"name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html"
},
{
"name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html"
},
{
"name": "VU#743954",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/743954"
},
{
"name": "6850",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6850"
},
{
"name": "20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104549743326864\u0026w=2"
},
{
"name": "oracle-bfilename-directory-bo(11325)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11325.php"
},
{
"name": "VU#840666",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/840666"
},
{
"name": "CA-2003-05",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf"
},
{
"name": "N-046",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"name": "oracle-totimestamptz-bo(11327)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11327.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/ora-bfilebo.txt"
},
{
"name": "6847",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6847"
},
{
"name": "oracle-tzoffset-bo(11326)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11326.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt"
},
{
"name": "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html"
},
{
"name": "6848",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6848"
},
{
"name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104550346303295\u0026w=2"
},
{
"name": "VU#663786",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/663786"
},
{
"name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104549782327321\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf"
},
{
"name": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt"
},
{
"name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html"
},
{
"name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html"
},
{
"name": "VU#743954",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/743954"
},
{
"name": "6850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6850"
},
{
"name": "20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104549743326864\u0026w=2"
},
{
"name": "oracle-bfilename-directory-bo(11325)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11325.php"
},
{
"name": "VU#840666",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/840666"
},
{
"name": "CA-2003-05",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf"
},
{
"name": "N-046",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"name": "oracle-totimestamptz-bo(11327)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11327.php"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf"
},
{
"name": "http://www.nextgenss.com/advisories/ora-bfilebo.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/ora-bfilebo.txt"
},
{
"name": "6847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6847"
},
{
"name": "oracle-tzoffset-bo(11326)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11326.php"
},
{
"name": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt"
},
{
"name": "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html"
},
{
"name": "6848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6848"
},
{
"name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104550346303295\u0026w=2"
},
{
"name": "VU#663786",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/663786"
},
{
"name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104549782327321\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0096",
"datePublished": "2003-02-21T05:00:00",
"dateReserved": "2003-02-18T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0271
Vulnerability from cvelistv5
Published
2006-01-18 11:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24321 | vdb-entry, x_refsource_XF | |
| http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html | x_refsource_MISC | |
| http://secunia.com/advisories/18493 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/0323 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/16287 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/545804 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.osvdb.org/22566 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1015499 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/0243 | vdb-entry, x_refsource_VUPEN | |
| http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/18608 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:34.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "22566",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22566"
},
{
"name": "1015499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18608"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Upgrade \u0026 Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "22566",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22566"
},
{
"name": "1015499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18608"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Upgrade \u0026 Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "22566",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22566"
},
{
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0271",
"datePublished": "2006-01-18T11:00:00",
"dateReserved": "2006-01-18T00:00:00",
"dateUpdated": "2024-08-07T16:25:34.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2244
Vulnerability from cvelistv5
Published
2005-07-17 04:00
Modified
2024-08-08 01:22
Severity ?
EPSS score ?
Summary
The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/10936 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15270 | vdb-entry, x_refsource_XF | |
| http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/9703 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/4011 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:12.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10936"
},
{
"name": "oracle-soap-dos(15270)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15270"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf"
},
{
"name": "9703",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9703"
},
{
"name": "4011",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10936"
},
{
"name": "oracle-soap-dos(15270)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15270"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf"
},
{
"name": "9703",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9703"
},
{
"name": "4011",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10936"
},
{
"name": "oracle-soap-dos(15270)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15270"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf"
},
{
"name": "9703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9703"
},
{
"name": "4011",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2244",
"datePublished": "2005-07-17T04:00:00",
"dateReserved": "2005-07-17T00:00:00",
"dateUpdated": "2024-08-08T01:22:12.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0637
Vulnerability from cvelistv5
Published
2005-04-14 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/11099 | vdb-entry, x_refsource_BID | |
| http://www.idefense.com/application/poi/display?id=136&type=vulnerabilities&flashstatus=true | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://secunia.com/advisories/12409/ | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11099",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11099"
},
{
"name": "20040902 Oracle Database Server ctxsys.driload Access Validation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=136\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "12409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12409/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-04T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11099",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11099"
},
{
"name": "20040902 Oracle Database Server ctxsys.driload Access Validation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=136\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "12409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12409/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11099"
},
{
"name": "20040902 Oracle Database Server ctxsys.driload Access Validation Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=136\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "12409",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12409/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0637",
"datePublished": "2005-04-14T04:00:00",
"dateReserved": "2004-07-07T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1339
Vulnerability from cvelistv5
Published
2005-01-06 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=110382230614420&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.ngssoftware.com/advisories/oracle23122004I.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18655 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041223 Oracle Trigger Abuse (#NISR2122004I)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382230614420\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004I.txt"
},
{
"name": "oracle-triggers-gain-privileges(18655)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18655"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041223 Oracle Trigger Abuse (#NISR2122004I)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382230614420\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004I.txt"
},
{
"name": "oracle-triggers-gain-privileges(18655)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18655"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041223 Oracle Trigger Abuse (#NISR2122004I)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382230614420\u0026w=2"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004I.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004I.txt"
},
{
"name": "oracle-triggers-gain-privileges(18655)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18655"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1339",
"datePublished": "2005-01-06T05:00:00",
"dateReserved": "2005-01-06T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3641
Vulnerability from cvelistv5
Published
2005-11-16 21:17
Modified
2024-09-16 23:11
Severity ?
EPSS score ?
Summary
Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ngssoftware.com/papers/database-on-xp.pdf | x_refsource_MISC | |
| http://www.securityfocus.com/bid/15450 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
},
{
"name": "15450",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15450"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-16T21:17:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
},
{
"name": "15450",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15450"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ngssoftware.com/papers/database-on-xp.pdf",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
},
{
"name": "15450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15450"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3641",
"datePublished": "2005-11-16T21:17:00Z",
"dateReserved": "2005-11-16T00:00:00Z",
"dateUpdated": "2024-09-16T23:11:46.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6703
Vulnerability from cvelistv5
Published
2006-12-23 01:00
Modified
2024-08-07 20:34
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/455143/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2006/5143 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/21717 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:34:00.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061222 Oracle Applications/Portal 9i/10g Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455143/100/0/threaded"
},
{
"name": "ADV-2006-5143",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5143"
},
{
"name": "21717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061222 Oracle Applications/Portal 9i/10g Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455143/100/0/threaded"
},
{
"name": "ADV-2006-5143",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5143"
},
{
"name": "21717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061222 Oracle Applications/Portal 9i/10g Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455143/100/0/threaded"
},
{
"name": "ADV-2006-5143",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5143"
},
{
"name": "21717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6703",
"datePublished": "2006-12-23T01:00:00",
"dateReserved": "2006-12-22T00:00:00",
"dateUpdated": "2024-08-07T20:34:00.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0965
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/630091 | third-party-advisory, x_refsource_CERT-VN | |
| http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/4845 | vdb-entry, x_refsource_BID | |
| http://online.securityfocus.com/archive/1/276526 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/9288.php | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html | mailing-list, x_refsource_VULNWATCH |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:15.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#630091",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/630091"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf"
},
{
"name": "4845",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4845"
},
{
"name": "20020612 Oracle TNS Listener Buffer Overflow (#NISR12062002A)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/276526"
},
{
"name": "oracle-listener-servicename-bo(9288)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9288.php"
},
{
"name": "20020612 [VulnWatch] Oracle TNS Listener Buffer Overflow (#NISR12062002A)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#630091",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/630091"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf"
},
{
"name": "4845",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4845"
},
{
"name": "20020612 Oracle TNS Listener Buffer Overflow (#NISR12062002A)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/276526"
},
{
"name": "oracle-listener-servicename-bo(9288)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9288.php"
},
{
"name": "20020612 [VulnWatch] Oracle TNS Listener Buffer Overflow (#NISR12062002A)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#630091",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/630091"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf"
},
{
"name": "4845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4845"
},
{
"name": "20020612 Oracle TNS Listener Buffer Overflow (#NISR12062002A)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/276526"
},
{
"name": "oracle-listener-servicename-bo(9288)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9288.php"
},
{
"name": "20020612 [VulnWatch] Oracle TNS Listener Buffer Overflow (#NISR12062002A)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0965",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-08-16T00:00:00",
"dateUpdated": "2024-08-08T03:12:15.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1365
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ngssoftware.com/advisories/oracle23122004C.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18662 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=110382471608835&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004C.txt"
},
{
"name": "oracle-extproc-command-execution(18662)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18662"
},
{
"name": "20041223 Oracle extproc local command execution (#NISR23122004C)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382471608835\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004C.txt"
},
{
"name": "oracle-extproc-command-execution(18662)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18662"
},
{
"name": "20041223 Oracle extproc local command execution (#NISR23122004C)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382471608835\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004C.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004C.txt"
},
{
"name": "oracle-extproc-command-execution(18662)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18662"
},
{
"name": "20041223 Oracle extproc local command execution (#NISR23122004C)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382471608835\u0026w=2"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1365",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0565
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/547459 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/8100 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/4034 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=101301440005580&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "VU#547459",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/547459"
},
{
"name": "oracle-appserver-oraclejsp-view-info(8100)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8100"
},
{
"name": "4034",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4034"
},
{
"name": "20020206 JSP translation file access under Oracle 9iAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "VU#547459",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/547459"
},
{
"name": "oracle-appserver-oraclejsp-view-info(8100)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8100"
},
{
"name": "4034",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4034"
},
{
"name": "20020206 JSP translation file access under Oracle 9iAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "VU#547459",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/547459"
},
{
"name": "oracle-appserver-oraclejsp-view-info(8100)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8100"
},
{
"name": "4034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4034"
},
{
"name": "20020206 JSP translation file access under Oracle 9iAS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0565",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0563
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/4293 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/8455 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=101301813117562&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/13152 | vdb-entry, x_refsource_OSVDB | |
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://securitytracker.com/id?1009167 | vdb-entry, x_refsource_SECTRACK | |
| http://www.appsecinc.com/Policy/PolicyCheck7024.html | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/168795 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.nextgenss.com/papers/hpoas.pdf | x_refsource_MISC | |
| http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | x_refsource_CONFIRM | |
| http://www.osvdb.org/705 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4293",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4293"
},
{
"name": "oracle-appserver-apache-services(8455)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8455"
},
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "13152",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/13152"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "1009167",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009167"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.appsecinc.com/Policy/PolicyCheck7024.html"
},
{
"name": "VU#168795",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/168795"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "705",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/705"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4293",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4293"
},
{
"name": "oracle-appserver-apache-services(8455)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8455"
},
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "13152",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/13152"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "1009167",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009167"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.appsecinc.com/Policy/PolicyCheck7024.html"
},
{
"name": "VU#168795",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/168795"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "705",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/705"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4293"
},
{
"name": "oracle-appserver-apache-services(8455)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8455"
},
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "13152",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/13152"
},
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "1009167",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009167"
},
{
"name": "http://www.appsecinc.com/Policy/PolicyCheck7024.html",
"refsource": "MISC",
"url": "http://www.appsecinc.com/Policy/PolicyCheck7024.html"
},
{
"name": "VU#168795",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/168795"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "705",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/705"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0563",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1264
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
EPSS score ?
Summary
Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=103643298712284&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/10524.php | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html | mailing-list, x_refsource_VULNWATCH | |
| http://www.osvdb.org/4013 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/6085 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf"
},
{
"name": "20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103643298712284\u0026w=2"
},
{
"name": "oracle-isqlplus-userid-bo(10524)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10524.php"
},
{
"name": "20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html"
},
{
"name": "4013",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4013"
},
{
"name": "6085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6085"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf"
},
{
"name": "20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103643298712284\u0026w=2"
},
{
"name": "oracle-isqlplus-userid-bo(10524)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10524.php"
},
{
"name": "20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html"
},
{
"name": "4013",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4013"
},
{
"name": "6085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6085"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf",
"refsource": "CONFIRM",
"url": "http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf"
},
{
"name": "20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103643298712284\u0026w=2"
},
{
"name": "oracle-isqlplus-userid-bo(10524)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10524.php"
},
{
"name": "20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html"
},
{
"name": "4013",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4013"
},
{
"name": "6085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6085"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1264",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-11-04T00:00:00",
"dateUpdated": "2024-08-08T03:19:28.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1363
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18659 | vdb-entry, x_refsource_XF | |
| http://www.ngssoftware.com/advisories/oracle23122004.txt | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=110382345829397&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-extproc-library-bo(18659)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18659"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004.txt"
},
{
"name": "20041223 Oracle extproc buffer overflow (#NISR23122004A)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382345829397\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-extproc-library-bo(18659)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18659"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004.txt"
},
{
"name": "20041223 Oracle extproc buffer overflow (#NISR23122004A)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382345829397\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-extproc-library-bo(18659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18659"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004.txt"
},
{
"name": "20041223 Oracle extproc buffer overflow (#NISR23122004A)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382345829397\u0026w=2"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1363",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0856
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html | mailing-list, x_refsource_VULNWATCH | |
| http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf | x_refsource_CONFIRM | |
| http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941 | third-party-advisory, x_refsource_ISS | |
| http://www.iss.net/security_center/static/9237.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5457 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:49.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020813 ISS Security Brief: Remote Denial of Service Vulnerability in Oracle9i SQL*NET",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf"
},
{
"name": "20020813 Remote Denial of Service Vulnerability in Oracle9i SQL*NET",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941"
},
{
"name": "oracle-listener-debug-dos(9237)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9237.php"
},
{
"name": "5457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020813 ISS Security Brief: Remote Denial of Service Vulnerability in Oracle9i SQL*NET",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf"
},
{
"name": "20020813 Remote Denial of Service Vulnerability in Oracle9i SQL*NET",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941"
},
{
"name": "oracle-listener-debug-dos(9237)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9237.php"
},
{
"name": "5457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020813 ISS Security Brief: Remote Denial of Service Vulnerability in Oracle9i SQL*NET",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf"
},
{
"name": "20020813 Remote Denial of Service Vulnerability in Oracle9i SQL*NET",
"refsource": "ISS",
"url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941"
},
{
"name": "oracle-listener-debug-dos(9237)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9237.php"
},
{
"name": "5457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0856",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-08-13T00:00:00",
"dateUpdated": "2024-08-08T03:03:49.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1369
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ngssoftware.com/advisories/oracle23122004F.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18664 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=110382524401468&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004F.txt"
},
{
"name": "oracle-tnslsnr-nsgr-dos(18664)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18664"
},
{
"name": "20041223 Oracle TNS Listener DoS (#NISR2122004F)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382524401468\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004F.txt"
},
{
"name": "oracle-tnslsnr-nsgr-dos(18664)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18664"
},
{
"name": "20041223 Oracle TNS Listener DoS (#NISR2122004F)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382524401468\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004F.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004F.txt"
},
{
"name": "oracle-tnslsnr-nsgr-dos(18664)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18664"
},
{
"name": "20041223 Oracle TNS Listener DoS (#NISR2122004F)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382524401468\u0026w=2"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1369",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0561
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101301813117562&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/4292 | vdb-entry, x_refsource_BID | |
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://www.kb.cert.org/vuls/id/611776 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.nextgenss.com/papers/hpoas.pdf | x_refsource_MISC | |
| http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "4292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4292"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#611776",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/611776"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "4292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4292"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#611776",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/611776"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "4292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4292"
},
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#611776",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/611776"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0561",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1367
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=110382247308064&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.ngssoftware.com/advisories/oracle23122004D.txt | x_refsource_MISC | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041223 Oracle clear text passwords (#NISR2122004D)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382247308064\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle 10g Database Server, when installed with a password that contains an exclamation point (\"!\") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041223 Oracle clear text passwords (#NISR2122004D)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382247308064\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle 10g Database Server, when installed with a password that contains an exclamation point (\"!\") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041223 Oracle clear text passwords (#NISR2122004D)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382247308064\u0026w=2"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004D.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1367",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0840
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:48.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2"
},
{
"name": "ESA-20021007-024",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"name": "HPSBUX0210-224",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"name": "DSA-187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"name": "DSA-195",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"name": "20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103376585508776\u0026w=2"
},
{
"name": "MDKSA-2002:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"name": "CLA-2002:530",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"name": "20021017 TSLSA-2002-0069-apache",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"name": "20021002 Apache 2 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103357160425708\u0026w=2"
},
{
"name": "RHSA-2002:243",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"name": "862",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/862"
},
{
"name": "RHSA-2002:222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-222.html"
},
{
"name": "RHSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-106.html"
},
{
"name": "RHSA-2002:251",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-251.html"
},
{
"name": "apache-http-host-xss(10241)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10241"
},
{
"name": "20021105-02-I",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I"
},
{
"name": "20021002 Apache 2 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html"
},
{
"name": "VU#240329",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/240329"
},
{
"name": "5847",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5847"
},
{
"name": "RHSA-2002:248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"name": "RHSA-2002:244",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:10:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2"
},
{
"name": "ESA-20021007-024",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"name": "HPSBUX0210-224",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"name": "DSA-187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"name": "DSA-195",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"name": "20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103376585508776\u0026w=2"
},
{
"name": "MDKSA-2002:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"name": "CLA-2002:530",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"name": "20021017 TSLSA-2002-0069-apache",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"name": "20021002 Apache 2 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103357160425708\u0026w=2"
},
{
"name": "RHSA-2002:243",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"name": "862",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/862"
},
{
"name": "RHSA-2002:222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-222.html"
},
{
"name": "RHSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-106.html"
},
{
"name": "RHSA-2002:251",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-251.html"
},
{
"name": "apache-http-host-xss(10241)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10241"
},
{
"name": "20021105-02-I",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I"
},
{
"name": "20021002 Apache 2 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html"
},
{
"name": "VU#240329",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/240329"
},
{
"name": "5847",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5847"
},
{
"name": "RHSA-2002:248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"name": "RHSA-2002:244",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-188",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"name": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2",
"refsource": "CONFIRM",
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2"
},
{
"name": "ESA-20021007-024",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"name": "HPSBUX0210-224",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"name": "DSA-187",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"name": "http://www.apacheweek.com/issues/02-10-04",
"refsource": "CONFIRM",
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"name": "DSA-195",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"name": "20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103376585508776\u0026w=2"
},
{
"name": "MDKSA-2002:068",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"name": "CLA-2002:530",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"name": "20021017 TSLSA-2002-0069-apache",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"name": "20021002 Apache 2 Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103357160425708\u0026w=2"
},
{
"name": "RHSA-2002:243",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"name": "862",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/862"
},
{
"name": "RHSA-2002:222",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-222.html"
},
{
"name": "RHSA-2003:106",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-106.html"
},
{
"name": "RHSA-2002:251",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-251.html"
},
{
"name": "apache-http-host-xss(10241)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10241"
},
{
"name": "20021105-02-I",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I"
},
{
"name": "20021002 Apache 2 Cross-Site Scripting",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html"
},
{
"name": "VU#240329",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/240329"
},
{
"name": "5847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5847"
},
{
"name": "RHSA-2002:248",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"name": "RHSA-2002:244",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0840",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-08-08T00:00:00",
"dateUpdated": "2024-08-08T03:03:48.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0560
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101301813117562&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/307835 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://www.nextgenss.com/papers/hpoas.pdf | x_refsource_MISC | |
| http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/4294 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "VU#307835",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/307835"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4294"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "VU#307835",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/307835"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4294"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "VU#307835",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/307835"
},
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4294"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0560",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0222
Vulnerability from cvelistv5
Published
2003-04-30 04:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=105162831008176&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.ciac.org/ciac/bulletins/n-085.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11885 | vdb-entry, x_refsource_XF | |
| http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf | x_refsource_CONFIRM | |
| http://marc.info/?l=ntbugtraq&m=105163376015735&w=2 | mailing-list, x_refsource_NTBUGTRAQ | |
| http://www.securityfocus.com/bid/7453 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105162831008176\u0026w=2"
},
{
"name": "N-085",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-085.shtml"
},
{
"name": "oracle-database-link-bo(11885)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11885"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf"
},
{
"name": "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=105163376015735\u0026w=2"
},
{
"name": "7453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a \"CREATE DATABASE LINK\" query containing a connect string with a long USING parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105162831008176\u0026w=2"
},
{
"name": "N-085",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-085.shtml"
},
{
"name": "oracle-database-link-bo(11885)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11885"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf"
},
{
"name": "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=105163376015735\u0026w=2"
},
{
"name": "7453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7453"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a \"CREATE DATABASE LINK\" query containing a connect string with a long USING parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105162831008176\u0026w=2"
},
{
"name": "N-085",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-085.shtml"
},
{
"name": "oracle-database-link-bo(11885)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11885"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf"
},
{
"name": "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq\u0026m=105163376015735\u0026w=2"
},
{
"name": "7453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7453"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0222",
"datePublished": "2003-04-30T04:00:00",
"dateReserved": "2003-04-29T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1193
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 02:19
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/343520 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13593 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/8966 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:46.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
},
{
"name": "20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/343520"
},
{
"name": "oracle-portal-sql-injection(13593)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
},
{
"name": "8966",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8966"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
},
{
"name": "20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/343520"
},
{
"name": "oracle-portal-sql-injection(13593)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
},
{
"name": "8966",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8966"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
},
{
"name": "20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/343520"
},
{
"name": "oracle-portal-sql-injection(13593)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
},
{
"name": "8966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8966"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1193",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T02:19:46.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1364
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18658 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/454861/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://marc.info/?l=bugtraq&m=110382406002365&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT | |
| http://www.ngssoftware.com/advisories/oracle23122004B.txt | x_refsource_MISC | |
| http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-extproc-directory-traversal(18658)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18658"
},
{
"name": "20061219 Oracle \u003c= 9i / 10g (extproc) Local/Remote Command Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454861/100/0/threaded"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "20041223 Oracle extproc directory traversal (#NISR23122004B)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382406002365\u0026w=2"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004B.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\\bin directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-extproc-directory-traversal(18658)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18658"
},
{
"name": "20061219 Oracle \u003c= 9i / 10g (extproc) Local/Remote Command Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/454861/100/0/threaded"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "20041223 Oracle extproc directory traversal (#NISR23122004B)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382406002365\u0026w=2"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004B.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\\bin directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-extproc-directory-traversal(18658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18658"
},
{
"name": "20061219 Oracle \u003c= 9i / 10g (extproc) Local/Remote Command Execution Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454861/100/0/threaded"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "20041223 Oracle extproc directory traversal (#NISR23122004B)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382406002365\u0026w=2"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004B.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004B.txt"
},
{
"name": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql",
"refsource": "MISC",
"url": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1364",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1371
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ngssoftware.com/advisories/oracle23122004J.txt | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=110382570313035&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18666 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004J.txt"
},
{
"name": "20041223 Oracle wrapped procedure overflow (#NISR2122004J)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382570313035\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "oracle-wrapped-procedure-bo(18666)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18666"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004J.txt"
},
{
"name": "20041223 Oracle wrapped procedure overflow (#NISR2122004J)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382570313035\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "oracle-wrapped-procedure-bo(18666)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18666"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004J.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004J.txt"
},
{
"name": "20041223 Oracle wrapped procedure overflow (#NISR2122004J)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382570313035\u0026w=2"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "oracle-wrapped-procedure-bo(18666)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18666"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1371",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1707
Vulnerability from cvelistv5
Published
2005-02-26 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/12205 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16839 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=109147677214087&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/10829 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12205"
},
{
"name": "oracle-libraries-gain-privileges(16839)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
},
{
"name": "20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"name": "10829",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10829"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12205"
},
{
"name": "oracle-libraries-gain-privileges(16839)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
},
{
"name": "20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"name": "10829",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10829"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12205",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12205"
},
{
"name": "oracle-libraries-gain-privileges(16839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
},
{
"name": "20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"name": "10829",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10829"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1707",
"datePublished": "2005-02-26T05:00:00",
"dateReserved": "2005-02-26T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0518
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:21
Severity ?
EPSS score ?
Summary
Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang.
References
| ▼ | URL | Tags |
|---|---|---|
| http://xforce.iss.net/alerts/advise82.php | third-party-advisory, x_refsource_ISS | |
| http://otn.oracle.com/deploy/security/alerts.htm | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6716 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/alerts.htm"
},
{
"name": "oracle-listener-fragmentation-dos(6716)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6716"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/alerts.htm"
},
{
"name": "oracle-listener-fragmentation-dos(6716)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6716"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities",
"refsource": "ISS",
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"name": "http://otn.oracle.com/deploy/security/alerts.htm",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/alerts.htm"
},
{
"name": "oracle-listener-fragmentation-dos(6716)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6716"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0518",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-06-13T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0562
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://www.kb.cert.org/vuls/id/698467 | third-party-advisory, x_refsource_CERT-VN | |
| http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/4034 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=101301440005580&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#698467",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/698467"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4034",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4034"
},
{
"name": "20020206 JSP translation file access under Oracle 9iAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#698467",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/698467"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4034",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4034"
},
{
"name": "20020206 JSP translation file access under Oracle 9iAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#698467",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/698467"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4034"
},
{
"name": "20020206 JSP translation file access under Oracle 9iAS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0562",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0552
Vulnerability from cvelistv5
Published
2006-02-04 11:00
Modified
2024-08-07 16:41
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/22549 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24321 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/18493 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/0323 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/16287 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/545804 | third-party-advisory, x_refsource_CERT-VN | |
| http://securitytracker.com/id?1015499 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/0243 | vdb-entry, x_refsource_VUPEN | |
| http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/18608 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:28.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22549",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22549"
},
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18608"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22549",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22549"
},
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18608"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22549",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22549"
},
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0552",
"datePublished": "2006-02-04T11:00:00",
"dateReserved": "2006-02-04T00:00:00",
"dateUpdated": "2024-08-07T16:41:28.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0559
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#750299",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/750299"
},
{
"name": "VU#878603",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/878603"
},
{
"name": "oracle-appserver-plsql-adddad-bo(8098)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8098"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#659043",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/659043"
},
{
"name": "oracle-appserver-plsql-cache-bo(8097)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8097"
},
{
"name": "oracle-appserver-plsql-authclient-bo(8096)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8096"
},
{
"name": "20020206 Multiple Buffer Overflows in Oracle 9iAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/254426"
},
{
"name": "VU#313280",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/313280"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4032",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4032"
},
{
"name": "oracle-appserver-plsql-bo(8095)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8095"
},
{
"name": "VU#923395",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/923395"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#750299",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/750299"
},
{
"name": "VU#878603",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/878603"
},
{
"name": "oracle-appserver-plsql-adddad-bo(8098)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8098"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#659043",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/659043"
},
{
"name": "oracle-appserver-plsql-cache-bo(8097)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8097"
},
{
"name": "oracle-appserver-plsql-authclient-bo(8096)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8096"
},
{
"name": "20020206 Multiple Buffer Overflows in Oracle 9iAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/254426"
},
{
"name": "VU#313280",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/313280"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4032",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4032"
},
{
"name": "oracle-appserver-plsql-bo(8095)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8095"
},
{
"name": "VU#923395",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/923395"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#750299",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/750299"
},
{
"name": "VU#878603",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/878603"
},
{
"name": "oracle-appserver-plsql-adddad-bo(8098)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8098"
},
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#659043",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/659043"
},
{
"name": "oracle-appserver-plsql-cache-bo(8097)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8097"
},
{
"name": "oracle-appserver-plsql-authclient-bo(8096)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8096"
},
{
"name": "20020206 Multiple Buffer Overflows in Oracle 9iAS",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/254426"
},
{
"name": "VU#313280",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/313280"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4032",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4032"
},
{
"name": "oracle-appserver-plsql-bo(8095)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8095"
},
{
"name": "VU#923395",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/923395"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0559",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0638
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17254 | vdb-entry, x_refsource_XF | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://www.idefense.com/application/poi/display?id=135&type=vulnerabilities&flashstatus=false | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.securityfocus.com/bid/11100 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html | mailing-list, x_refsource_FULLDISC | |
| http://www.red-database-security.com/advisory/advisory_20040903_3.htm | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-dbmssystem-bo(17254)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17254"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "20040902 Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=135\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"name": "11100",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11100"
},
{
"name": "20040905 Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-dbmssystem-bo(17254)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17254"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "20040902 Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=135\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"name": "11100",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11100"
},
{
"name": "20040905 Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-dbmssystem-bo(17254)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17254"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "20040902 Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=135\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"name": "11100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11100"
},
{
"name": "20040905 Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html"
},
{
"name": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0638",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2004-07-07T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1495
Vulnerability from cvelistv5
Published
2005-05-11 04:00
Modified
2024-08-07 21:51
Severity ?
EPSS score ?
Summary
Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/16258 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/777773 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20407 | vdb-entry, x_refsource_XF | |
| http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=111531683824209&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16258"
},
{
"name": "VU#777773",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/777773"
},
{
"name": "oracle-audit-data-manipulation(20407)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20407"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html"
},
{
"name": "20050505 Oracle 9i / 10g Fine Grained Auditing Issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111531683824209\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16258"
},
{
"name": "VU#777773",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/777773"
},
{
"name": "oracle-audit-data-manipulation(20407)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20407"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html"
},
{
"name": "20050505 Oracle 9i / 10g Fine Grained Auditing Issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111531683824209\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16258"
},
{
"name": "VU#777773",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/777773"
},
{
"name": "oracle-audit-data-manipulation(20407)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20407"
},
{
"name": "http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html"
},
{
"name": "20050505 Oracle 9i / 10g Fine Grained Auditing Issue",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111531683824209\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1495",
"datePublished": "2005-05-11T04:00:00",
"dateReserved": "2005-05-11T00:00:00",
"dateUpdated": "2024-08-07T21:51:50.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0564
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101301813117562&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://www.nextgenss.com/papers/hpoas.pdf | x_refsource_MISC | |
| http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/193523 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "VU#193523",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/193523"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "VU#193523",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/193523"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "VU#193523",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/193523"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0564",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1366
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18661 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/385323 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.ngssoftware.com/advisories/oracle23122004D.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-sysman-password-plaintext(18661)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18661"
},
{
"name": "20041223 Oracle clear text passwords (#NISR2122004D)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/385323"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-sysman-password-plaintext(18661)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18661"
},
{
"name": "20041223 Oracle clear text passwords (#NISR2122004D)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/385323"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-sysman-password-plaintext(18661)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18661"
},
{
"name": "20041223 Oracle clear text passwords (#NISR2122004D)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/385323"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004D.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1366",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0509
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:49
Severity ?
EPSS score ?
Summary
Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/4391 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/8657.php | vdb-entry, x_refsource_XF | |
| http://online.securityfocus.com/archive/1/264697 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:49:28.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4391",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4391"
},
{
"name": "oracle-tns-onetcp-dos(8657)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8657.php"
},
{
"name": "20020328 Oracle9i TSN DoS Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/264697"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4391",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4391"
},
{
"name": "oracle-tns-onetcp-dos(8657)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8657.php"
},
{
"name": "20020328 Oracle9i TSN DoS Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/264697"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4391",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4391"
},
{
"name": "oracle-tns-onetcp-dos(8657)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8657.php"
},
{
"name": "20020328 Oracle9i TSN DoS Attack",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/264697"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0509",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:49:28.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0516
Vulnerability from cvelistv5
Published
2001-07-27 04:00
Modified
2024-08-08 04:21
Severity ?
EPSS score ?
Summary
Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://xforce.iss.net/alerts/advise82.php | third-party-advisory, x_refsource_ISS | |
| http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities",
"refsource": "ISS",
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0516",
"datePublished": "2001-07-27T04:00:00",
"dateReserved": "2001-06-13T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}