PT-2007-1745 · Oracle · Oracle Database

Alexander Kornbrust

Published

2007-01-17

Updated

2017-07-29

CVE-2007-0273

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Oracle Database versions 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3

Description The issue concerns an unspecified vulnerability related to XMLDB, potentially allowing for multiple cross-site scripting (XSS) attacks. The impact and attack vectors of this issue are unknown.

Recommendations For Oracle Database version 9.0.1.5, update to a version that addresses the XMLDB-related issue. For Oracle Database version 9.2.0.8, update to a version that addresses the XMLDB-related issue. For Oracle Database version 10.1.0.5, update to a version that addresses the XMLDB-related issue. For Oracle Database version 10.2.0.3, update to a version that addresses the XMLDB-related issue. As a temporary workaround, consider restricting access to XMLDB components to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0273

Affected Products

Oracle Database

PT-2007-1745 · Oracle · Oracle Database

CVE-2007-0273

Related Identifiers

Affected Products

References · 10