CVE-2006-7216 - Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at

CVE-2006-7216

Summary

Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.

References

http://db.apache.org/derby/releases/release-10.2.1.6.html
http://issues.apache.org/jira/browse/DERBY-1708

Vulnerable Configurations

cpe:2.3:a:apache:derby:10.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.1.3.1:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 05-09-2008 - 21:16)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:P

refmap via4

confirm

http://db.apache.org/derby/releases/release-10.2.1.6.html
http://issues.apache.org/jira/browse/DERBY-1708

Last major update

05-09-2008 - 21:16

Published

05-07-2007 - 20:30

Last modified

05-09-2008 - 21:16