2 matches found
openSUSE 10 Security Update : derby (derby-4091)
Apache Derby did not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode. CVE-2006-7217 This update also brings a new requirement of a Java 1.5 JRE. %NASLMINLEVE...
CVE-2006-7217
CVE-2006-7217 affects Apache Derby prior to 10.2.1.6. The vulnerability arises because the DropSchemaNode bind phase does not correctly enforce schema privilege requirements, allowing remote authenticated users to execute arbitrary DROP SCHEMA statements when SQL authorization mode is in effect. ...