Lucene search

[email protected]CVE-2006-5333

HistoryOct 18, 2006 - 1:07 a.m.

CVE-2006-5333

2006-10-1801:07:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2006-5333

oracle

database

vulnerability

sql injection

remote attack

authentication

7 High

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

0.034 Low

EPSS

Percentile

91.4%

JSON

Unspecified vulnerability in Oracle Spatial component in Oracle Database 10.2.0.2 has unknown impact and remote authenticated attack vectors related to “create session” privileges, aka Vuln# DB02. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB02 is for SQL injection in the SDO_DROP_USER_BEFORE package using a Trigger for a DROP USER statement in an anonymous PL/SQL block.

CPENameOperatorVersion
oracle:database_serveroracle database servereq10.2.0.2

CPE	Name	Operator	Version
oracle:database_server	oracle database server	eq	10.2.0.2

References

secunia.com/advisories/22396

securitytracker.com/id?1017077

www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf

www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html

www.red-database-security.com/advisory/oracle_cpu_oct_2006.html

www.securityfocus.com/archive/1/449110/100/0/threaded

www.securityfocus.com/archive/1/449711/100/0/threaded

www.securityfocus.com/bid/20588

www.us-cert.gov/cas/techalerts/TA06-291A.html

www.vupen.com/english/advisories/2006/4065

7 High

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

0.034 Low

EPSS

Percentile

91.4%

JSON

Related for CVE-2006-5333

cvelist1 openvas1 nessus1