CVE-2007-2114

Severity Score

9.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed reliable claims that these issues are buffer overflows using a long CHANGE_TABLE_NAME parameter to the DBMS_CDC_IPUBLISH.CHGTAB_CACHE procedure (DB08) and Oracle Instant Client genezi utility (DB11).

Varias vulnerabilidades no especificadas en Oracle Database versiones 10.1.0.5 y 10.2.0.2 tienen un impacto desconocido y vectores de ataque autenticados remotos, relacionados con (1) Change Data Capture (CDC), también se conoce como DB08, y (2) Oracle Instant Client, también se conoce como DB11. NOTA: a partir de 24-04-2007, oracle no ha cuestionado las afirmaciones confiables de que estos problemas son desbordamientos de búfer utilizando un largo parámetro CHANGE_TABLE_NAME para el procedimiento DBMS_CDC_IPUBLISH.CHGTAB_CACHE (DB08) y el programa genezi de Oracle Client (DB11)

*Credits: N/A

CVSS Scores

NISTv2 9.0

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-04-18 CVE Reserved
2007-04-18 CVE Published
2024-08-07 CVE Updated
2024-10-28 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf	X_refsource_misc
http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf	X_refsource_misc
http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html	X_refsource_confirm
http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html	X_refsource_misc
http://www.securityfocus.com/bid/23532	Vdb Entry
http://www.securitytracker.com/id?1017927	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA07-108A.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.securityfocus.com/archive/1/466329/100/200/threaded	2018-10-16
http://www.vupen.com/english/advisories/2007/1426	2018-10-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Database Server Search vendor "Oracle" for product "Database Server"				10.1.0.5 Search vendor "Oracle" for product "Database Server" and version "10.1.0.5"		-		Affected
Oracle Search vendor "Oracle"		Database Server Search vendor "Oracle" for product "Database Server"				10.2.0.2 Search vendor "Oracle" for product "Database Server" and version "10.2.0.2"		-		Affected