CVE-2007-0268
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.
Múltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5, 9.2.0.7 y 10.1.0.5 tienen vectores de impacto y ataque desconocidos relacionados con (1) el componente Advanced Queue Server y los privilegios sys.dbms_aqsys.dbms_aq (DB01), (2) Advanced Replication and sys.dbms_ repcat_untrusted (DB07) y (3) Oracle Text y ctxload (DB15). NOTA: Oracle no ha reclamado públicamente por investigadores confiables de que DB01 es para inyección SQL en el SYS. DBMS_AQ_INV y DB07 es para un desbordamiento de búfer en el procedimiento UNREGISTER_SNAPSHOT en el paquete DBMS_REPCAT_UNTRUSTED.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-01-16 CVE Reserved
- 2007-01-17 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-09-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/32907 | Vdb Entry | |
| http://osvdb.org/32913 | Vdb Entry | |
| http://osvdb.org/32921 | Vdb Entry | |
| http://securitytracker.com/id?1017522 | Vdb Entry | |
| http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html | X_refsource_confirm |
|
| http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/458005/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/458475/100/100/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/22083 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/23794 | 2018-10-16 | |
| http://www.kb.cert.org/vuls/id/221788 | 2018-10-16 | |
| http://www.us-cert.gov/cas/techalerts/TA07-017A.html | 2018-10-16 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 9.0.1.5 Search vendor "Oracle" for product "Database Server" and version "9.0.1.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 9.2.0.7 Search vendor "Oracle" for product "Database Server" and version "9.2.0.7" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 10.1.0.5 Search vendor "Oracle" for product "Database Server" and version "10.1.0.5" | - |
Affected
| ||||||