CVE-2006-1866

Severity Score

9.7

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the (1) Advanced Replication component, as identified by Vuln# DB01, and (2) Oracle Spatial component, as identified by Vuln# DB10. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that DB01 is an unknown issue in the DBMS_REPUTIL package, and DB10 is SQL injection in the INSERT_CATALOG, UPDATE_CATALOG, and DELETE_CATALOG functions of the SDO_CATALOG package.

Múltiples vulnerabilidades no especificadas en Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, y otras versiones tienen impacto y vectores de ataque desconocidos en el (1) componente de Replicación Avanzada, identificado por Vuln#DB01, y (2) el componente Espacial Oracle, identificado por Vuln# DB10.
NOTA: los detalles son inaccesibles desde Oracle, pero en fecha 21/04/2006, no han discutido publicamente una raclamanción por un investigador independiente confiable que indique que DB01 es un asunto desconocido en el paquete de DBMS_REPUTIL, y DB10 es inyección del SQL en las funciones de INSERT_CATALOG, de UPDATE_CATALOG, y de DELETE_CATALOG del paquete SDO_CATALOG.

*Credits: N/A

CVSS Scores

NISTv2 9.7

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-04-20 CVE Reserved
2006-04-20 CVE Published
2024-03-10 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (13)

URL	Tag	Source
http://www.kb.cert.org/vuls/id/139049	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html	X_refsource_confirm
http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html	X_refsource_misc
http://www.us-cert.gov/cas/techalerts/TA06-109A.html	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26050	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/26054	Vdb Entry

URL	Date	SRC
http://www.securityfocus.com/bid/17590	2024-08-07

URL	Date	SRC
http://secunia.com/advisories/19712	2018-10-18
http://securitytracker.com/id?1015961	2018-10-18

URL	Date	SRC
http://secunia.com/advisories/19859	2018-10-18
http://www.securityfocus.com/archive/1/432267/100/0/threaded	2018-10-18
http://www.vupen.com/english/advisories/2006/1397	2018-10-18
http://www.vupen.com/english/advisories/2006/1571	2018-10-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Database Server Search vendor "Oracle" for product "Database Server"				8.1.7.4 Search vendor "Oracle" for product "Database Server" and version "8.1.7.4"		-		Affected
Oracle Search vendor "Oracle"		Database Server Search vendor "Oracle" for product "Database Server"				9.0.1.5 Search vendor "Oracle" for product "Database Server" and version "9.0.1.5"		-		Affected
Oracle Search vendor "Oracle"		Database Server Search vendor "Oracle" for product "Database Server"				9.2.0.7 Search vendor "Oracle" for product "Database Server" and version "9.2.0.7"		-		Affected
Oracle Search vendor "Oracle"		Database Server Search vendor "Oracle" for product "Database Server"				10.1.0.5 Search vendor "Oracle" for product "Database Server" and version "10.1.0.5"		-		Affected