CVE-2006-1876
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB12. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the (1) GEN_RID_RANGE_BY_AREA and (2) GEN_RID_RANGE functions in the MDSYS.SDO_PRIDX package.
Vulnerabilidad no especificada en Oracle Database Server 9.2.0.7 and 10.1.0.4 tiene impacto y vectores de ataque desconocidos en el componente Oracle Spatial, tcc Vuln# DB12. NOTA: no hay detalles disponibles de Oracle, pero desde 20060521, no han disputado públicamente una queja de un investigador independiente fiable que afirma que el problema es inyección de SQL en las funciones (1) GEN_RID_RANGE_BY_AREA y (2) GEN_RID_RANGE en el paquete MDSYS.SDO_PRIDX.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-04-20 CVE Reserved
- 2006-04-20 CVE Published
- 2024-03-10 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/240249 | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html | X_refsource_confirm |
|
| http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26051 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/17590 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://securitytracker.com/id?1015961 | 2018-10-18 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/19712 | 2018-10-18 | |
| http://secunia.com/advisories/19859 | 2018-10-18 | |
| http://www.securityfocus.com/archive/1/432267/100/0/threaded | 2018-10-18 | |
| http://www.vupen.com/english/advisories/2006/1397 | 2018-10-18 | |
| http://www.vupen.com/english/advisories/2006/1571 | 2018-10-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 9.2.0.7 Search vendor "Oracle" for product "Database Server" and version "9.2.0.7" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 10.1.0.4 Search vendor "Oracle" for product "Database Server" and version "10.1.0.4" | - |
Affected
| ||||||