CVE-2006-3702

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-3702
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719, Oracle has not disputed third party claims that DB06 is related to "SQL injection" using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA, in which case DB06 might be CVE-2006-2081.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://secunia.com/advisories/21111 Vendor Advisory
http://secunia.com/advisories/21165 Vendor Advisory
http://securitytracker.com/id?1016529
http://www.kb.cert.org/vuls/id/932124 US Government Resource
http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html
http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html Patch Vendor Advisory
http://www.red-database-security.com/exploits/oracle-sql-injection-oracle-dbms_export_extension.html
http://www.securityfocus.com/archive/1/440758/100/100/threaded
http://www.securityfocus.com/archive/1/440758/100/100/threaded
http://www.securityfocus.com/bid/19054 Patch
http://www.us-cert.gov/cas/techalerts/TA06-200A.html US Government Resource
http://www.vupen.com/english/advisories/2006/2863 Vendor Advisory
http://www.vupen.com/english/advisories/2006/2947 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27897
http://secunia.com/advisories/21111 Vendor Advisory
http://secunia.com/advisories/21165 Vendor Advisory
http://securitytracker.com/id?1016529
http://www.kb.cert.org/vuls/id/932124 US Government Resource
http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html
http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html Patch Vendor Advisory
http://www.red-database-security.com/exploits/oracle-sql-injection-oracle-dbms_export_extension.html
http://www.securityfocus.com/archive/1/440758/100/100/threaded
http://www.securityfocus.com/archive/1/440758/100/100/threaded
http://www.securityfocus.com/bid/19054 Patch
http://www.us-cert.gov/cas/techalerts/TA06-200A.html US Government Resource
http://www.vupen.com/english/advisories/2006/2863 Vendor Advisory
http://www.vupen.com/english/advisories/2006/2947 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27897
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:9.2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:10.2.0.2:*:*:*:*:*:*:*
History

21 Nov 2024, 00:14

Type Values Removed Values Added
References () http://secunia.com/advisories/21111 - Vendor Advisory () http://secunia.com/advisories/21111 - Vendor Advisory
References () http://secunia.com/advisories/21165 - Vendor Advisory () http://secunia.com/advisories/21165 - Vendor Advisory
References () http://securitytracker.com/id?1016529 - () http://securitytracker.com/id?1016529 -
References () http://www.kb.cert.org/vuls/id/932124 - US Government Resource () http://www.kb.cert.org/vuls/id/932124 - US Government Resource
References () http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html - () http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html -
References () http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html - Patch, Vendor Advisory () http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html - Patch, Vendor Advisory
References () http://www.red-database-security.com/exploits/oracle-sql-injection-oracle-dbms_export_extension.html - () http://www.red-database-security.com/exploits/oracle-sql-injection-oracle-dbms_export_extension.html -
References () http://www.securityfocus.com/archive/1/440758/100/100/threaded - () http://www.securityfocus.com/archive/1/440758/100/100/threaded -
References () http://www.securityfocus.com/bid/19054 - Patch () http://www.securityfocus.com/bid/19054 - Patch
References () http://www.us-cert.gov/cas/techalerts/TA06-200A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA06-200A.html - US Government Resource
References () http://www.vupen.com/english/advisories/2006/2863 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/2863 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/2947 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/2947 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/27897 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/27897 -
Information

Published : 2006-07-21 14:03

Updated : 2024-11-21 00:14

NVD link : CVE-2006-3702

Mitre link : CVE-2006-3702

CVE.ORG link : CVE-2006-3702

JSON object : View

Products Affected

oracle

  • database_server
CWE
NVD-CWE-noinfo

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024