Lucene search

[email protected]CVE-2005-4832

HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-4832

2005-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4832

oracle

sql injection

vulnerability

remote authenticated users

elevated privileges

sys.dbms_cdc_subscribe

sys.dbms_cdc_isubscribe

nvd

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.897 High

EPSS

Percentile

98.7%

JSON

SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.

CPENameOperatorVersion
oracle:oracle10goracle oracle10geqstandard_10.2.0.1
oracle:oracle10goracle oracle10geqstandard_9.0.4_.0
oracle:oracle10goracle oracle10geqpersonal_10.1.0.3
oracle:oracle10goracle oracle10geqstandard_10.1.0.3.1
oracle:oracle10goracle oracle10geqpersonal_10.1_.0.2
oracle:oracle10goracle oracle10geqenterprise_10.1.0.4
oracle:oracle10goracle oracle10geqenterprise_10.1.0.3
oracle:oracle10goracle oracle10geqenterprise_10.1.0.3.1
oracle:oracle10goracle oracle10geqstandard_10.1.0.2
oracle:oracle10goracle oracle10geqpersonal_9.0.4.0

CPE	Name	Operator	Version
oracle:oracle10g	oracle oracle10g	eq	standard_10.2.0.1
oracle:oracle10g	oracle oracle10g	eq	standard_9.0.4_.0
oracle:oracle10g	oracle oracle10g	eq	personal_10.1.0.3
oracle:oracle10g	oracle oracle10g	eq	standard_10.1.0.3.1
oracle:oracle10g	oracle oracle10g	eq	personal_10.1_.0.2
oracle:oracle10g	oracle oracle10g	eq	enterprise_10.1.0.4
oracle:oracle10g	oracle oracle10g	eq	enterprise_10.1.0.3
oracle:oracle10g	oracle oracle10g	eq	enterprise_10.1.0.3.1
oracle:oracle10g	oracle oracle10g	eq	standard_10.1.0.2
oracle:oracle10g	oracle oracle10g	eq	personal_9.0.4.0

Rows per page:

1-10 of 271

References

www.appsecinc.com/resources/alerts/oracle/2005-02.html

www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEExploit.txt

www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEWorkaround.sql

www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf

www.securityfocus.com/archive/1/396133

www.securityfocus.com/archive/1/404970

www.securityfocus.com/bid/13236

exchange.xforce.ibmcloud.com/vulnerabilities/20159

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.897 High

EPSS

Percentile

98.7%

JSON

Related for CVE-2005-4832

securityvulns1 nessus1 checkpoint_advisories2 cve1