Vulnerabilities > CVE-2007-2134 - Multiple vulnerability in Oracle April 2007 Security Update

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

oracle

NVD

Published: 2007-04-18

Updated: 2018-10-16

Summary

Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01. The vendor has addressed this issue through the release of the following patch information: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Enterpriseone 8.96.11 Oracle Enterpriseone Sp23_Q1	2

Saint

bid	23532
description	Oracle Database Advanced Replication component DBMS_SNAP_INTERNAL overflow
id	database_oracle_version
osvdb	39933
title	oracle_advrep_snap_internal
type	remote

References

http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html
http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
http://www.securityfocus.com/archive/1/466329/100/200/threaded
http://www.securityfocus.com/bid/23532
http://www.securitytracker.com/id?1017927
http://www.us-cert.gov/cas/techalerts/TA07-108A.html
http://www.vupen.com/english/advisories/2007/1426