PT-2007-6532 · Oracle · Oracle Text+2
Publicado
2007-10-17
·
Atualizado
2018-10-15
·
CVE-2007-5508
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Oracle Database versions 10.1.0.5 and 10.2.0.3
Description:
The issue concerns SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component. These vulnerabilities allow remote authenticated users to execute arbitrary SQL commands via several procedures, including
THEMES, GIST, TOKENS, FILTER, HIGHLIGHT, and MARKUP. Additionally, remote unauthenticated attack vectors exist when CTXSYS is used with Oracle Application Server.Recommendations:
For Oracle Database version 10.1.0.5, consider restricting access to the CTXSYS Intermedia application until a fix is available.
For Oracle Database version 10.2.0.3, avoid using the vulnerable procedures
THEMES, GIST, TOKENS, FILTER, HIGHLIGHT, and MARKUP in the CTXSYS Intermedia application until the issue is resolved.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Oracle Application Server
Oracle Database
Oracle Text