Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.5
CVE Id CVE-2007-5508
Last Modified 22 Oct 2012 10:36:39
Published 17 Oct 2007 07:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2007-5508

Summary

Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with Oracle Application Server.

Vulnerable Systems

Application

  • Oracle Database Server 10.1.0.5

  • Oracle Database Server 10.2.0.3


References

CERT - TA07-290A

VUPEN - ADV-2007-3626

VUPEN - ADV-2007-3524

SECTRACK - 1018823

BID - 26101

BUGTRAQ - 20071017 Multiple SQL Injection Flaws in Oracle CTX_DOC package

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html

MISC - http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc/

SECUNIA - 27251

HP - SSRT061201

SREASON - 3242

SECUNIA - 27409

HP - HPSBMA02133

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html


Last Updated: 27 May 2016 11:01:12