CVE Vulnerability

CVE-2007-5508

Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.

6.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc/
http://www.securityfocus.com/bid/26101
http://www.securitytracker.com/id?1018823
http://secunia.com/advisories/27251 Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA07-290A.html US Government Resource
http://secunia.com/advisories/27409
http://securityreason.com/securityalert/3242
http://www.vupen.com/english/advisories/2007/3524
http://marc.info/?l=bugtraq&m=119332677525918&w=2
http://www.vupen.com/english/advisories/2007/3626
http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html
http://www.securityfocus.com/archive/1/482425/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
Information

Published : 2007-10-17 11:17

Updated : 2018-10-15 09:45

NVD link : CVE-2007-5508

Mitre link : CVE-2007-5508

Products Affected
No products.
CWE
CWE-89