ID CVE-2010-2415
Summary Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.
References
Vulnerable Configurations
  • Oracle Database Server 10g 10.1.0.5
    cpe:2.3:a:oracle:database_server:10.1.0.5
  • Oracle Database Server 10g 10.2.0.4
    cpe:2.3:a:oracle:database_server:10.2.0.4
  • Oracle Database Server 11g 11.1.0.7
    cpe:2.3:a:oracle:database_server:11.1.0.7
  • Oracle Database Server 11g 11.2.0.1
    cpe:2.3:a:oracle:database_server:11.2.0.1
CVSS
Base: 4.9 (as of 14-10-2010 - 09:40)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
metasploit via4
description The module exploits an sql injection flaw in the CREATE_CHANGE_SET procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege.
id MSF:AUXILIARY/SQLI/ORACLE/DBMS_CDC_PUBLISH3
last seen 2019-03-30
modified 2017-07-24
published 2010-10-15
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/dbms_cdc_publish3.rb
title Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET
nessus via4
NASL family Databases
NASL id ORACLE_RDBMS_CPU_OCT_2010.NASL
description The remote Oracle database server is missing the October 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Enterprise Manager Console - Java Virtual Machine - Change Data Capture - OLAP - Job Queue - XDK - Core RDBMS - Perl
last seen 2019-02-21
modified 2018-11-15
plugin id 50652
published 2010-11-18
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=50652
title Oracle Database Multiple Vulnerabilities (October 2010 CPU)
refmap via4
cert TA10-287A
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
Last major update 11-11-2010 - 01:48
Published 13-10-2010 - 22:00
Back to Top