PT-2006-1502 · Oracle · Oracle E-Business Suite/Applications+3
Alexander Kornbrust
+2
·
Published
2006-01-26
·
Updated
2018-10-19
·
CVE-2006-0435
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Oracle Database Server versions 9.2.0.7 through 10.1.0.5
Oracle Application Server versions 1.0.2.2 through 10.1.3.0.0
Oracle E-Business Suite and Applications version 11.5.10
Oracle Collaboration Suite versions 9.0.4.2 through 10.1.2.1
Description
The issue allows attackers to bypass the PLSQLExclusion list, which is supposed to restrict access to certain packages and procedures. This bypass enables attackers to access excluded packages and procedures.
Recommendations
For Oracle Database Server versions 9.2.0.7 through 10.1.0.5, update to a version that includes a fix for this issue.
For Oracle Application Server versions 1.0.2.2 through 10.1.3.0.0, update to a version that includes a fix for this issue.
For Oracle E-Business Suite and Applications version 11.5.10, update to a version that includes a fix for this issue.
For Oracle Collaboration Suite versions 9.0.4.2 through 10.1.2.1, update to a version that includes a fix for this issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Oracle Application Server
Oracle Collaboration Suite
Oracle Database Server
Oracle E-Business Suite/Applications