PT-2006-1502 · Oracle · Oracle E-Business Suite/Applications+3
Alexander Kornbrust
+2
·
Publicado
2006-01-26
·
Atualizado
2018-10-19
·
CVE-2006-0435
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Oracle Database Server versions 9.2.0.7 through 10.1.0.5
Oracle Application Server versions 1.0.2.2 through 10.1.3.0.0
Oracle E-Business Suite and Applications version 11.5.10
Oracle Collaboration Suite versions 9.0.4.2 through 10.1.2.1
Description
The issue allows attackers to bypass the PLSQLExclusion list, which is supposed to restrict access to certain packages and procedures. This bypass enables attackers to access excluded packages and procedures.
Recommendations
For Oracle Database Server versions 9.2.0.7 through 10.1.0.5, update to a version that includes a fix for this issue.
For Oracle Application Server versions 1.0.2.2 through 10.1.3.0.0, update to a version that includes a fix for this issue.
For Oracle E-Business Suite and Applications version 11.5.10, update to a version that includes a fix for this issue.
For Oracle Collaboration Suite versions 9.0.4.2 through 10.1.2.1, update to a version that includes a fix for this issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Oracle Application Server
Oracle Collaboration Suite
Oracle Database Server
Oracle E-Business Suite/Applications