cvelistv5 - cve-2007-0268

CVE-2007-0268 (GCVE-0-2007-0268)

Vulnerability from cvelistv5 – Published: 2007-01-17 02:00 – Updated: 2024-08-07 12:12

Summary

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://osvdb.org/32913	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/archive/1/458475/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/23794	third-party-advisoryx_refsource_SECUNIA
	http://osvdb.org/32921	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/22083	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/221788	third-party-advisoryx_refsource_CERT-VN
	http://osvdb.org/32907	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/archive/1/458005/100…	mailing-listx_refsource_BUGTRAQ
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://www.us-cert.gov/cas/techalerts/TA07-017A.html	third-party-advisoryx_refsource_CERT
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.red-database-security.com/advisory/ora…	x_refsource_MISC
	http://securitytracker.com/id?1017522	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:12:17.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32913",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/32913"
          },
          {
            "name": "20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/458475/100/100/threaded"
          },
          {
            "name": "23794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "name": "32921",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/32921"
          },
          {
            "name": "22083",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "name": "VU#221788",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/221788"
          },
          {
            "name": "32907",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/32907"
          },
          {
            "name": "20070124 Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/458005/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "name": "TA07-017A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"
          },
          {
            "name": "oracle-cpu-jan2007(31541)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
          },
          {
            "name": "1017522",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017522"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15).  NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "32913",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/32913"
        },
        {
          "name": "20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/458475/100/100/threaded"
        },
        {
          "name": "23794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23794"
        },
        {
          "name": "32921",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/32921"
        },
        {
          "name": "22083",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22083"
        },
        {
          "name": "VU#221788",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/221788"
        },
        {
          "name": "32907",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/32907"
        },
        {
          "name": "20070124 Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/458005/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
        },
        {
          "name": "TA07-017A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"
        },
        {
          "name": "oracle-cpu-jan2007(31541)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
        },
        {
          "name": "1017522",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017522"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0268",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15).  NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32913",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/32913"
            },
            {
              "name": "20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/458475/100/100/threaded"
            },
            {
              "name": "23794",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23794"
            },
            {
              "name": "32921",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/32921"
            },
            {
              "name": "22083",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22083"
            },
            {
              "name": "VU#221788",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/221788"
            },
            {
              "name": "32907",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/32907"
            },
            {
              "name": "20070124 Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/458005/100/0/threaded"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
            },
            {
              "name": "TA07-017A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"
            },
            {
              "name": "oracle-cpu-jan2007(31541)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"
            },
            {
              "name": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html",
              "refsource": "MISC",
              "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
            },
            {
              "name": "1017522",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017522"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0268",
    "datePublished": "2007-01-17T02:00:00",
    "dateReserved": "2007-01-16T00:00:00",
    "dateUpdated": "2024-08-07T12:12:17.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6C67572-800C-4214-AD12-E9017A9A5BAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:9.2.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7847CEB-DD8D-45A0-B500-95D511110FB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03A522A3-07D7-481F-A538-EA3D13256F63\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15).  NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5, 9.2.0.7 y 10.1.0.5 tienen vectores de impacto y ataque desconocidos relacionados con (1) el componente Advanced Queue Server y los privilegios sys.dbms_aqsys.dbms_aq (DB01), (2) Advanced Replication and sys.dbms_ repcat_untrusted (DB07) y (3) Oracle Text y ctxload (DB15). NOTA: Oracle no ha reclamado p\\u00fablicamente por investigadores confiables de que DB01 es para inyecci\\u00f3n SQL en el SYS. DBMS_AQ_INV y DB07 es para un desbordamiento de b\\u00fafer en el procedimiento UNREGISTER_SNAPSHOT en el paquete DBMS_REPCAT_UNTRUSTED.\"}]",
      "id": "CVE-2007-0268",
      "lastModified": "2024-11-21T00:25:23.927",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-01-17T02:28:00.000",
      "references": "[{\"url\": \"http://osvdb.org/32907\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/32913\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/32921\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/23794\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017522\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/221788\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/458005/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/458475/100/100/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/22083\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-017A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/31541\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/32907\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/32913\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/32921\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/23794\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017522\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/221788\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/458005/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/458475/100/100/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/22083\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-017A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/31541\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0268\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-01-17T02:28:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15).  NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5, 9.2.0.7 y 10.1.0.5 tienen vectores de impacto y ataque desconocidos relacionados con (1) el componente Advanced Queue Server y los privilegios sys.dbms_aqsys.dbms_aq (DB01), (2) Advanced Replication and sys.dbms_ repcat_untrusted (DB07) y (3) Oracle Text y ctxload (DB15). NOTA: Oracle no ha reclamado p\u00fablicamente por investigadores confiables de que DB01 es para inyecci\u00f3n SQL en el SYS. DBMS_AQ_INV y DB07 es para un desbordamiento de b\u00fafer en el procedimiento UNREGISTER_SNAPSHOT en el paquete DBMS_REPCAT_UNTRUSTED.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6C67572-800C-4214-AD12-E9017A9A5BAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:9.2.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7847CEB-DD8D-45A0-B500-95D511110FB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03A522A3-07D7-481F-A538-EA3D13256F63\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/32907\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/32913\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/32921\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/23794\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017522\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/221788\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/458005/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/458475/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/22083\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-017A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/31541\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/32907\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/32913\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/32921\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/23794\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/221788\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/458005/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/458475/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/22083\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-017A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/31541\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-062

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités affectent les produits Oracle et permettent de porter atteinte à la disponibilité, à l'intégrité et à la confidentialité des données.

Description

De multiples vulnérabilités affectent les produits Oracle. Elles permettent de porter atteinte à la disponibilité, à l'intégrité et à la confidentialité des données. Certaines de ces vulnérabilités sont exploitables par un utilisateur malveillant non authentifié.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle Application Server 10g ;
Oracle	N/A	Oracle Database 9i, 10g ;
Oracle	N/A	Oracle Developer Suite 9, 10.
Oracle	N/A	Oracle Enterprise Manager 10g ;
Oracle	N/A	Oracle E-business Suite Release 11.0 et 11i ;
Oracle	PeopleSoft	Oracle Peoplesoft Enterprise PeopleTools 8.22, 8.47, 8.48 ;
Oracle	N/A	Oracle Identity Management 10g ;

References

Title

Publication Time

Tags

Bulletin Oracle

2007-01-01

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Application Server 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 9i, 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Developer Suite 9, 10.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-business Suite Release 11.0 et 11i ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Peoplesoft Enterprise PeopleTools 8.22, 8.47, 8.48 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Identity Management 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s affectent les produits Oracle. Elles\npermettent de porter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es. Certaines de ces vuln\u00e9rabilit\u00e9s sont\nexploitables par un utilisateur malveillant non authentifi\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0297"
    },
    {
      "name": "CVE-2007-0268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0268"
    },
    {
      "name": "CVE-2007-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0222"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-062",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-02-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectent les produits \u003cspan\nclass=\"textit\"\u003eOracle\u003c/span\u003e et permettent de porter atteinte \u00e0 la\ndisponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits Oracle",
  "vendor_advisories": [
    {
      "published_at": "2007-01-01",
      "title": "Bulletin Oracle",
      "url": "http://www.oracle.com/technology/deploy/security/critical-path-updates/cpujan2007.html"
    }
  ]
}

CERTA-2007-AVI-062

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités affectent les produits Oracle et permettent de porter atteinte à la disponibilité, à l'intégrité et à la confidentialité des données.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle Application Server 10g ;
Oracle	N/A	Oracle Database 9i, 10g ;
Oracle	N/A	Oracle Developer Suite 9, 10.
Oracle	N/A	Oracle Enterprise Manager 10g ;
Oracle	N/A	Oracle E-business Suite Release 11.0 et 11i ;
Oracle	PeopleSoft	Oracle Peoplesoft Enterprise PeopleTools 8.22, 8.47, 8.48 ;
Oracle	N/A	Oracle Identity Management 10g ;

References

Title

Publication Time

Tags

Bulletin Oracle

2007-01-01

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Application Server 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 9i, 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Developer Suite 9, 10.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-business Suite Release 11.0 et 11i ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Peoplesoft Enterprise PeopleTools 8.22, 8.47, 8.48 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Identity Management 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s affectent les produits Oracle. Elles\npermettent de porter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es. Certaines de ces vuln\u00e9rabilit\u00e9s sont\nexploitables par un utilisateur malveillant non authentifi\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0297"
    },
    {
      "name": "CVE-2007-0268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0268"
    },
    {
      "name": "CVE-2007-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0222"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-062",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-02-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectent les produits \u003cspan\nclass=\"textit\"\u003eOracle\u003c/span\u003e et permettent de porter atteinte \u00e0 la\ndisponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits Oracle",
  "vendor_advisories": [
    {
      "published_at": "2007-01-01",
      "title": "Bulletin Oracle",
      "url": "http://www.oracle.com/technology/deploy/security/critical-path-updates/cpujan2007.html"
    }
  ]
}

GHSA-CPMC-6M46-X7GX

Vulnerability from github – Published: 2022-05-01 17:42 – Updated: 2022-05-01 17:42

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0268"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-01-17T02:28:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15).  NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.",
  "id": "GHSA-cpmc-6m46-x7gx",
  "modified": "2022-05-01T17:42:51Z",
  "published": "2022-05-01T17:42:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0268"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/32907"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/32913"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/32921"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23794"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017522"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/221788"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
    },
    {
      "type": "WEB",
      "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/458005/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/458475/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22083"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-0268

Vulnerability from fkie_nvd - Published: 2007-01-17 02:28 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/32907
cve@mitre.org	http://osvdb.org/32913
cve@mitre.org	http://osvdb.org/32921
cve@mitre.org	http://secunia.com/advisories/23794	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1017522
cve@mitre.org	http://www.kb.cert.org/vuls/id/221788	Patch, US Government Resource
cve@mitre.org	http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
cve@mitre.org	http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html
cve@mitre.org	http://www.securityfocus.com/archive/1/458005/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/458475/100/100/threaded
cve@mitre.org	http://www.securityfocus.com/bid/22083	Exploit, Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA07-017A.html	Patch, US Government Resource
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/31541
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/32907
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/32913
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/32921
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23794	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017522
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/221788	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
af854a3a-2127-422b-91ae-364da2661108	http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/458005/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/458475/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22083	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-017A.html	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/31541

Impacted products

Vendor	Product	Version
oracle	database_server	9.0.1.5
oracle	database_server	9.2.0.7
oracle	database_server	10.1.0.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6C67572-800C-4214-AD12-E9017A9A5BAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:9.2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7847CEB-DD8D-45A0-B500-95D511110FB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03A522A3-07D7-481F-A538-EA3D13256F63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15).  NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5, 9.2.0.7 y 10.1.0.5 tienen vectores de impacto y ataque desconocidos relacionados con (1) el componente Advanced Queue Server y los privilegios sys.dbms_aqsys.dbms_aq (DB01), (2) Advanced Replication and sys.dbms_ repcat_untrusted (DB07) y (3) Oracle Text y ctxload (DB15). NOTA: Oracle no ha reclamado p\u00fablicamente por investigadores confiables de que DB01 es para inyecci\u00f3n SQL en el SYS. DBMS_AQ_INV y DB07 es para un desbordamiento de b\u00fafer en el procedimiento UNREGISTER_SNAPSHOT en el paquete DBMS_REPCAT_UNTRUSTED."
    }
  ],
  "id": "CVE-2007-0268",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-01-17T02:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/32907"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/32913"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/32921"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23794"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017522"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/221788"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/458005/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/458475/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/22083"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/32907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/32913"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/32921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/221788"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/458005/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/458475/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/22083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-0268

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-0268

Aliases

CVE-2007-0268

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0268",
    "description": "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15).  NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.",
    "id": "GSD-2007-0268",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2007-0268"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0268"
      ],
      "details": "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15).  NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.",
      "id": "GSD-2007-0268",
      "modified": "2023-12-13T01:21:35.733908Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-0268",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15).  NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "32913",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/32913"
          },
          {
            "name": "20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/458475/100/100/threaded"
          },
          {
            "name": "23794",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "name": "32921",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/32921"
          },
          {
            "name": "22083",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "name": "VU#221788",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/221788"
          },
          {
            "name": "32907",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/32907"
          },
          {
            "name": "20070124 Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/458005/100/0/threaded"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "name": "TA07-017A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"
          },
          {
            "name": "oracle-cpu-jan2007(31541)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"
          },
          {
            "name": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html",
            "refsource": "MISC",
            "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
          },
          {
            "name": "1017522",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017522"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:9.2.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0268"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15).  NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
            },
            {
              "name": "TA07-017A",
              "refsource": "CERT",
              "tags": [
                "Patch",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"
            },
            {
              "name": "VU#221788",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/221788"
            },
            {
              "name": "23794",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/23794"
            },
            {
              "name": "1017522",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017522"
            },
            {
              "name": "22083",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/22083"
            },
            {
              "name": "32921",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/32921"
            },
            {
              "name": "32913",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/32913"
            },
            {
              "name": "32907",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/32907"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
            },
            {
              "name": "oracle-cpu-jan2007(31541)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"
            },
            {
              "name": "20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/458475/100/100/threaded"
            },
            {
              "name": "20070124 Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/458005/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-16T16:32Z",
      "publishedDate": "2007-01-17T02:28Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-0268 (GCVE-0-2007-0268)

CERTA-2007-AVI-062

Description

Solution

CERTA-2007-AVI-062

Description

Solution

GHSA-CPMC-6M46-X7GX

FKIE_CVE-2007-0268

GSD-2007-0268

Tags

Sightings

Nomenclature