Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-0435
Last Modified 22 Oct 2012 09:56:35
Published 26 Jan 2006 06:07:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0435

Summary

Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01.

Vulnerable Systems

Application

  • Oracle Application Server

  • Oracle Application Server 1.0.2

  • Oracle Application Server 1.0.2.0

  • Oracle Application Server 1.0.2.1

  • Oracle Application Server 1.0.2.1s

  • Oracle Application Server 1.0.2.2

  • Oracle Application Server 1.0.2.2.2

  • Oracle Application Server 10.1.0.2

  • Oracle Application Server 10.1.0.3

  • Oracle Application Server 10.1.0.3.1

  • Oracle Application Server 10.1.0.4

  • Oracle Application Server 10.1.2

  • Oracle Application Server 10.1.2.0.1

  • Oracle Application Server 10.1.2.0.2

  • Oracle Application Server 10.1.2.1.0

  • Oracle Application Server 9.0.2

  • Oracle Application Server 9.0.2.0.0

  • Oracle Application Server 9.0.2.0.1

  • Oracle Application Server 9.0.2.1

  • Oracle Application Server 9.0.2.2

  • Oracle Application Server 9.0.2.3

  • Oracle Application Server 9.0.3

  • Oracle Application Server 9.0.3.1

  • Oracle Application Server 9.0.4.0

  • Oracle Application Server 9.0.4.1

  • Oracle Application Server 9.0.4.2

  • Oracle Application Server 9.2.0.6

  • Oracle Application Server 9.2.0.7

  • Oracle Http Server 1.0.2.0

  • Oracle Http Server 1.0.2.1

  • Oracle Http Server 1.0.2.1s For Apps

  • Oracle Http Server 1.0.2.2

  • Oracle Http Server 1.0.2.2 Roll Up 2

  • Oracle Http Server 8.1.7

  • Oracle Http Server 9.0.1

  • Oracle Http Server 9.0.2

  • Oracle Http Server 9.0.2.3

  • Oracle Http Server 9.0.3.1

  • Oracle Http Server 9.1

  • Oracle Http Server 9.2.0


References

CERT-VN - VU#169164

BUGTRAQ - 20060125 Workaround for unpatched Oracle PLSQL Gateway flaw

SECTRACK - 1015961

XF - oracle-plsql-command-execution(24363)

VUPEN - ADV-2006-1571

VUPEN - ADV-2006-1397

VUPEN - ADV-2006-0338

BID - 16384

HP - HPSBMA02113

BUGTRAQ - 20060208 Re: Workaround for unpatched Oracle PLSQL Gateway flaw

BUGTRAQ - 20060202 More on the workaround for the unpatched Oracle PLSQL Gateway flaw

BUGTRAQ - 20060202 The History of the Oracle PLSQL Gateway Flaw

BUGTRAQ - 20060131 Re: Workaround for unpatched Oracle PLSQL Gateway flaw

OSVDB - 22719

MISC - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html

CONFIRM - http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html

SECTRACK - 1015544

SREASON - 403

SREASON - 402

SECUNIA - 19859

SECUNIA - 19712

SECUNIA - 18621

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html

HP - SSRT061148


Last Updated: 27 May 2016 11:01:12