CVE-2007-2117
6.9 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
0.012 Low
EPSS
Percentile
85.3%
Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12. NOTE: as of 20070424, Oracle has not disputed reliable claims that this involves a buffer overflow in the ctxsrv server daemon.
| CPE | Name | Operator | Version |
|---|---|---|---|
| oracle:database_server | oracle database server | eq | 9.2.0.5 |
References
www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf
www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf
www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html
www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
www.securityfocus.com/archive/1/466329/100/200/threaded
www.securityfocus.com/bid/23532
www.securitytracker.com/id?1017927
www.us-cert.gov/cas/techalerts/TA07-108A.html
www.vupen.com/english/advisories/2007/1426
Social References
More
Related
6.9 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
0.012 Low
EPSS
Percentile
85.3%