CVE-2006-5359 - Multiple unspecified vulnerabilities in Oracle Reports Developer component in Oracle Application Ser

CVE-2006-5359

Summary

Multiple unspecified vulnerabilities in Oracle Reports Developer component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Oracle E-Business Suite and Applications 11.5.10CU2, have unknown impact and remote attack vectors, aka Vuln# (1) REP01 and (2) REP02. NOTE: as of 20061027, Oracle has not disputed reports from a reliable researcher that these issues are related to (a) showenv and (b) parsequery for REP01, and (c) cellwrapper and (d) delimiter for REP02.

References

Vulnerable Configurations

cpe:2.3:a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:10.1.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:10.1.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 17-10-2018 - 21:42)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	20588
bugtraq	20061023 Various Cross-Site-Scripting Vulnerabilities in Oracle Reports
cert	TA06-291A
confirm	http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html
hp	HPSBMA02133 SSRT061201
misc	http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.red-database-security.com/advisory/oracle_reports_css.html
sectrack	1017077
secunia	22396
vupen	ADV-2006-4065

saint via4

bid	20588
description	Oracle Spatial component SDO_CS.TRANSFORM_LAYER buffer overflow
id	database_oracle_version
osvdb	31462
title	oracle_spatial_transform_layer
type	remote

Last major update

17-10-2018 - 21:42

Published

18-10-2006 - 01:07

Last modified

17-10-2018 - 21:42