CVE-2006-3702
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719, Oracle has not disputed third party claims that DB06 is related to "SQL injection" using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA, in which case DB06 might be CVE-2006-2081.
Múltiples vulnerabilidades no especificadas en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, y 10.2.0.2 tienen un impacto desconocido y vectores de ataque, también conocido como Oracle Vuln# (1) DB06 en Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 para Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, y (16) DBC04 para RPC; y(17) DB20 para Semantic Analysis. NOTA: en fecha 20060719, Oracle no ha disputado a terceros que DB06 está relacionado con la “inyección SQL” utilizando DBMS_EXPORT_EXTENSION con una rutina ODCIIndexGetMetadata y una llamada a GET_DOMAIN_INDEX_METADATA, en cuyo caso DB06 podría estar CVE-2006-2081.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-07-18 CVE Reserved
- 2006-07-19 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1016529 | Vdb Entry | |
| http://www.kb.cert.org/vuls/id/932124 | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html | X_refsource_confirm |
|
| http://www.red-database-security.com/exploits/oracle-sql-injection-oracle-dbms_export_extension.html | X_refsource_misc | |
| http://www.us-cert.gov/cas/techalerts/TA06-200A.html | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27897 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html | 2018-10-18 | |
| http://www.securityfocus.com/bid/19054 | 2018-10-18 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/21111 | 2018-10-18 | |
| http://secunia.com/advisories/21165 | 2018-10-18 | |
| http://www.securityfocus.com/archive/1/440758/100/100/threaded | 2018-10-18 | |
| http://www.vupen.com/english/advisories/2006/2863 | 2018-10-18 | |
| http://www.vupen.com/english/advisories/2006/2947 | 2018-10-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 8.1.7.4 Search vendor "Oracle" for product "Database Server" and version "8.1.7.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 9.2.0.7 Search vendor "Oracle" for product "Database Server" and version "9.2.0.7" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 10.1.0.5 Search vendor "Oracle" for product "Database Server" and version "10.1.0.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 10.2.0.2 Search vendor "Oracle" for product "Database Server" and version "10.2.0.2" | - |
Affected
| ||||||