Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:24
Type | Values Removed | Values Added |
---|---|---|
References | () http://db.apache.org/derby/releases/release-10.2.1.6.html - Patch | |
References | () http://issues.apache.org/jira/browse/DERBY-1858 - | |
References | () http://secunia.com/advisories/28636 - | |
References | () http://www.novell.com/linux/security/advisories/suse_security_summary_report.html - |
Information
Published : 2007-07-05 20:30
Updated : 2024-11-21 00:24
NVD link : CVE-2006-7217
Mitre link : CVE-2006-7217
CVE.ORG link : CVE-2006-7217
JSON object : View
Products Affected
apache
- derby
CWE