CVE-2007-2115 - Multiple vulnerabilities in Oracle Database Server 10.1.0.5/10.2.0.2/9.2.0.7
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue involves multiple SQL injection vulnerabilities in the DBMS_CDC_PUBLISH with remote authenticated vectors involving the "java classes in CDC.jar."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Nessus
NASL family | Databases |
NASL id | ORACLE_RDBMS_CPU_APR_2007.NASL |
description | The remote Oracle database server is missing the April 2007 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: Advanced Queuing, Advanced Replication, Authentication, Core RDBMS, Oracle Agent, Oracle Data Capture (CDC), Oracle Instant Client, Oracle Streams, Oracle Text, Oracle Workflow Cartridge, Rules Manager, Expressions Filter, Ultra Search, Upgrade/Downgrade |
last seen | 2020-06-02 |
modified | 2011-11-16 |
plugin id | 56056 |
published | 2011-11-16 |
reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56056 |
title | Oracle Database Multiple Vulnerabilities (April 2007 CPU) |
Saint
bid | 23532 |
description | Oracle Database Advanced Replication component DBMS_SNAP_INTERNAL overflow |
id | database_oracle_version |
osvdb | 39933 |
title | oracle_advrep_snap_internal |
type | remote |
References
- http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf
- http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf
- http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf
- http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html
- http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
- http://www.securityfocus.com/archive/1/466329/100/200/threaded
- http://www.securityfocus.com/bid/23532
- http://www.securitytracker.com/id?1017927
- http://www.us-cert.gov/cas/techalerts/TA07-108A.html
- http://www.vupen.com/english/advisories/2007/1426