CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score
Confidence: Low

EPSS
Percentile: 80.4%

Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with Oracle Application Server.

Vendor | Product | Version | CPE |
---|---|---|---|
oracle | database_server | 10.1.0.5 | cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:* |
oracle | database_server | 10.2.0.3 | cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:* |
marc.info/?l=bugtraq&m=119332677525918&w=2
secunia.com/advisories/27251
secunia.com/advisories/27409
securityreason.com/securityalert/3242
www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc/
www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html
www.securityfocus.com/archive/1/482425/100/0/threaded
www.securityfocus.com/bid/26101
www.securitytracker.com/id?1018823
www.us-cert.gov/cas/techalerts/TA07-290A.html
www.vupen.com/english/advisories/2007/3524
www.vupen.com/english/advisories/2007/3626