ID CVE-2007-3856
Summary Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:database_server:10.2.0.2
  • Oracle Database Server 10g 10.2.0.3
    cpe:2.3:a:oracle:database_server:10.2.0.3
  • cpe:2.3:a:oracle:database_server:9.2.0.7
  • Oracle Database Server 9.2.0.8
    cpe:2.3:a:oracle:database_server:9.2.0.8
  • cpe:2.3:a:oracle:database_server:9.2.0.8dv
  • cpe:2.3:a:oracle:oracle10g:standard_10.1.0.5
    cpe:2.3:a:oracle:oracle10g:standard_10.1.0.5
CVSS
Base: 6.5 (as of 20-07-2007 - 08:12)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
NASL family Databases
NASL id ORACLE_RDBMS_CPU_JUL_2007.NASL
description The remote Oracle database server is missing the July 2007 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Advanced Queuing - DataGuard - JavaVM - Oracle Data Mining - Oracle Text - PL/SQL - Rules Manager - Spatial - SQL Compiler
last seen 2019-02-21
modified 2018-11-15
plugin id 56057
published 2011-11-16
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=56057
title Oracle Database Multiple Vulnerabilities (July 2007 CPU)
refmap via4
cert TA07-200A
confirm http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html
hp
  • HPSBMA02133
  • SSRT061201
misc
sectrack 1018415
secunia
  • 26114
  • 26166
vupen
  • ADV-2007-2562
  • ADV-2007-2635
xf oracle-cpu-july2007(35490)
Last major update 22-10-2012 - 22:31
Published 18-07-2007 - 15:30
Last modified 28-07-2017 - 21:32
Back to Top