CVE-2007-2115

Name of the Vulnerable Software and Affected Versions Oracle Database versions 9.2.0.7, 10.1.0.5, and 10.2.0.2

Description The issue involves an unspecified vulnerability in the Change Data Capture (CDC) component, potentially including multiple SQL injection vulnerabilities in the DBMS CDC PUBLISH. The attack vectors are remote and authenticated, involving java classes in CDC.jar.

Recommendations For Oracle Database version 9.2.0.7, consider restricting access to the DBMS CDC PUBLISH component until a fix is available. For Oracle Database version 10.1.0.5, consider disabling the use of java classes in CDC.jar to minimize the risk of exploitation. For Oracle Database version 10.2.0.2, avoid using the DBMS CDC PUBLISH component with remote authenticated connections until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.