ID CVE-2010-0870
Summary Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_PUBLISH.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:database_server:9.2.0.8
  • Oracle Database Server 9.2.0.8DV
    cpe:2.3:a:oracle:database_server:9.2.0.8dv
CVSS
Base: 3.6 (as of 14-04-2010 - 13:44)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
metasploit via4
description The module exploits an sql injection flaw in the DROP_CHANGE_SOURCE procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege.
id MSF:AUXILIARY/SQLI/ORACLE/DBMS_CDC_PUBLISH2
last seen 2019-03-20
modified 2017-07-24
published 2010-04-26
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/dbms_cdc_publish2.rb
title Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE
refmap via4
cert TA10-103B
confirm http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html
secunia 39438
Last major update 22-10-2012 - 23:20
Published 13-04-2010 - 18:30
Back to Top