CVE-2006-7216

Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://db.apache.org/derby/releases/release-10.2.1.6.html	Patch
http://issues.apache.org/jira/browse/DERBY-1708	Patch
http://db.apache.org/derby/releases/release-10.2.1.6.html	Patch
http://issues.apache.org/jira/browse/DERBY-1708	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:derby:10.1.1.0:::::::*
	cpe:2.3:a:apache:derby:10.1.2.1:::::::*
	cpe:2.3:a:apache:derby:10.1.3.1:::::::*

History

21 Nov 2024, 00:24

Type	Values Removed	Values Added
References	~~() http://db.apache.org/derby/releases/release-10.2.1.6.html - Patch~~	() http://db.apache.org/derby/releases/release-10.2.1.6.html - Patch
References	~~() http://issues.apache.org/jira/browse/DERBY-1708 - Patch~~	() http://issues.apache.org/jira/browse/DERBY-1708 - Patch

Information

Published : 2007-07-05 20:30

Updated : 2024-11-21 00:24

NVD link : CVE-2006-7216

Mitre link : CVE-2006-7216

CVE.ORG link : CVE-2006-7216

JSON object : View

Products Affected

apache

derby

CWE

NVD-CWE-Other

{"id": "CVE-2006-7216", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-07-05T20:30:00.000", "references": [{"url": "http://db.apache.org/derby/releases/release-10.2.1.6.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://issues.apache.org/jira/browse/DERBY-1708", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://db.apache.org/derby/releases/release-10.2.1.6.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://issues.apache.org/jira/browse/DERBY-1708", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables."}, {"lang": "es", "value": "Apache Derby anterior a 10.2.1.6 no determina los requisitos de privilegios para las sentencias de bloqueo de tabla en tiempo de compilaci\u00f3n, y consecuentemente no fuerza los requisitos de privilegios en tiempo de ejecuci\u00f3n, lo cual permite a usuarios autenticados remotamente bloquear tablas de su elecci\u00f3n."}], "lastModified": "2024-11-21T00:24:39.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:derby:10.1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "909C93D8-EE69-4614-90A4-29289DA6D700"}, {"criteria": "cpe:2.3:a:apache:derby:10.1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF090933-1AC8-4B23-94AE-C9AD0F6372B2"}, {"criteria": "cpe:2.3:a:apache:derby:10.1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C06539EB-A87C-47C2-8E13-88D9B1CAD7D8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}