Lucene search

K
nvd[email protected]NVD:CVE-2006-0271
HistoryJan 18, 2006 - 11:03 a.m.

CVE-2006-0271

2006-01-1811:03:00
web.nvd.nist.gov
8

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.006

Percentile

79.5%

Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions.

Affected configurations

Nvd
Node
oracledatabase_serverMatch8.1.7.4
OR
oracleoracle10gMatchenterprise_10.1.0.4
OR
oracleoracle10gMatchpersonal_10.1.0.4
OR
oracleoracle10gMatchstandard_10.1.0.4
OR
oracleoracle8iMatchenterprise_8.1.7.4
OR
oracleoracle8iMatchstandard_8.1.7.4
OR
oracleoracle9iMatchenterprise_9.0.1.5
OR
oracleoracle9iMatchstandard_9.2.0.7
VendorProductVersionCPE
oracledatabase_server8.1.7.4cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*
oracleoracle10genterprise_10.1.0.4cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*
oracleoracle10gpersonal_10.1.0.4cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*
oracleoracle10gstandard_10.1.0.4cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*
oracleoracle8ienterprise_8.1.7.4cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.4:*:*:*:*:*:*:*
oracleoracle8istandard_8.1.7.4cpe:2.3:a:oracle:oracle8i:standard_8.1.7.4:*:*:*:*:*:*:*
oracleoracle9ienterprise_9.0.1.5cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*
oracleoracle9istandard_9.2.0.7cpe:2.3:a:oracle:oracle9i:standard_9.2.0.7:*:*:*:*:*:*:*

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.006

Percentile

79.5%

Related for NVD:CVE-2006-0271