ID CVE-2009-3412
Summary Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html "Fix delivered via Oracle Universal Installer Patch 6640838"
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:application_server:10.1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:10.1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:9.2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:9.2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:9.2.0.8dv:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:9.2.0.8dv:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
CVSS
Base: 1.0 (as of 23-10-2012 - 03:11)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:H/Au:S/C:P/I:N/A:N
refmap via4
cert TA10-012A
confirm http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
sectrack 1023438
Last major update 23-10-2012 - 03:11
Published 13-01-2010 - 01:30
Back to Top