ID CVE-2007-5513
Summary The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:database_server:9.2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:9.2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:9.2.0.8dv:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:9.2.0.8dv:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 15-10-2018 - 21:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
non_vulnerable_configuration via4
    refmap via4
    bid 26107
    bugtraq 20071017 Oracle audit issue with XMLDB ftp service
    cert TA07-290A
    confirm http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html
    hp
    • HPSBMA02133
    • SSRT061201
    misc http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-xmldb-ftp-service/
    sectrack 1018823
    secunia
    • 27251
    • 27409
    sreason 3247
    vupen
    • ADV-2007-3524
    • ADV-2007-3626
    vulnerable_product via4
    • cpe:2.3:a:oracle:database_server:9.2.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:9.2.0.8dv:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
    Last major update 15-10-2018 - 21:45
    Published 17-10-2007 - 23:17
    Back to Top