CVE-2007-5513 - Unspecified vulnerability in Oracle Database Server 10.1.0.5/9.2.0.8/9.2.0.8Dv
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Nessus
NASL family | Databases |
NASL id | ORACLE_RDBMS_CPU_OCT_2007.NASL |
description | The remote Oracle database server is missing the October 2007 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: Advanced Security Option, Advanced Queuing, Core RDBMS, Database Control, Export, Import, Oracle Database Vault, Oracle Help for Web, Oracle Internet Directory, Oracle Net Services, Oracle Text, Spatial, SQL Execution, XML DB, Workspace Manager |
last seen | 2020-06-02 |
modified | 2011-11-16 |
plugin id | 56058 |
published | 2011-11-16 |
reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56058 |
title | Oracle Database Multiple Vulnerabilities (October 2007 CPU) |
References
- http://marc.info/?l=bugtraq&m=119332677525918&w=2
- http://secunia.com/advisories/27251
- http://secunia.com/advisories/27409
- http://securityreason.com/securityalert/3247
- http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-xmldb-ftp-service/
- http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html
- http://www.securityfocus.com/archive/1/482426/100/0/threaded
- http://www.securityfocus.com/bid/26107
- http://www.securitytracker.com/id?1018823
- http://www.us-cert.gov/cas/techalerts/TA07-290A.html
- http://www.vupen.com/english/advisories/2007/3524
- http://www.vupen.com/english/advisories/2007/3626