Vulnerabilities > CVE-2007-5513 - Unspecified vulnerability in Oracle Database Server 10.1.0.5/9.2.0.8/9.2.0.8Dv

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
oracle
nessus
NVD
Published: 2007-10-17
Updated: 2018-10-15

Summary

The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23.

Vulnerable Configurations

Part Description Count
Application
Oracle
3

Nessus

NASL familyDatabases
NASL idORACLE_RDBMS_CPU_OCT_2007.NASL
descriptionThe remote Oracle database server is missing the October 2007 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Advanced Security Option - Advanced Queuing - Core RDBMS - Database Control - Export - Import - Oracle Database Vault - Oracle Help for Web - Oracle Internet Directory - Oracle Net Services - Oracle Text - Spatial - SQL Execution - XML DB - Workspace Manager
last seen2020-06-02
modified2011-11-16
plugin id56058
published2011-11-16
reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/56058
titleOracle Database Multiple Vulnerabilities (October 2007 CPU)

References