PT-2007-5084 · Oracle · Oracle Database

Published: 2007-07-18 · Updated: 2017-07-29
CVE: CVE-2007-3853
CVSS v2.0: 6.5 (Medium), Vector AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Oracle Database versions 10.1.0.5 through 10.2.0.3
Description: Multiple unspecified vulnerabilities allow remote authenticated users to have an unknown impact. They lie in three components: (1) the JavaVM component, via the DBMS_JAVA_TEST package, (2) the Oracle Text component, and (3) the Spatial component, via the MDSYS.SDO_GEOR_INT package. A researcher has stated that one of the three, DB01, is SQL injection in the Oracle-supplied DBMS_PRVTAQIS package. All three require an existing database session (Au:S in the vector), so the exposed population is every account that holds EXECUTE on the affected packages, not only DBAs.
Recommendations: Apply the Oracle Critical Patch Update of July 2007, which contains the fix for CVE-2007-3853. Until the CPU is installed, reduce who can reach the vulnerable entry points: revoke EXECUTE on DBMS_JAVA_TEST, MDSYS.SDO_GEOR_INT and DBMS_PRVTAQIS from PUBLIC and from any account that has no business need for them, and restrict the Oracle Text component to the schemas that actually use it. Input validation is not a usable workaround for the DBMS_PRVTAQIS issue: the injection sits inside an Oracle-shipped package body that you cannot modify, so the only control available to an administrator is the grant list. Test any revoke in a non-production instance first, because other Oracle features (Advanced Queuing in particular) may depend on these packages.
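The grant review and revoke described above, written out as an added example (this is not part of the advisory and not Oracle-supplied code). It assumes DBMS_JAVA_TEST and DBMS_PRVTAQIS are owned by SYS and SDO_GEOR_INT by MDSYS, and that the instance is 10.2, where applied CPUs are recorded in DBA_REGISTRY_HISTORY; run it as SYS or another DBA.

```sql
-- Added example, not from the advisory. Owners below are assumptions:
-- SYS for DBMS_JAVA_TEST / DBMS_PRVTAQIS, MDSYS for SDO_GEOR_INT.

-- 1. Who can currently execute the packages named in CVE-2007-3853?
SELECT owner, table_name AS package_name, grantee, privilege, grantable
  FROM dba_tab_privs
 WHERE (owner, table_name) IN (('SYS',   'DBMS_JAVA_TEST'),
                               ('SYS',   'DBMS_PRVTAQIS'),
                               ('MDSYS', 'SDO_GEOR_INT'))
   AND privilege = 'EXECUTE'
 ORDER BY owner, table_name, grantee;

-- 2. A row with grantee = 'PUBLIC' means any authenticated session reaches the
--    vulnerable entry point. Revoke it; re-grant only to named roles or schemas
--    that need the package, and only after testing outside production.
REVOKE EXECUTE ON SYS.DBMS_JAVA_TEST FROM PUBLIC;
REVOKE EXECUTE ON SYS.DBMS_PRVTAQIS  FROM PUBLIC;
REVOKE EXECUTE ON MDSYS.SDO_GEOR_INT FROM PUBLIC;

-- 3. Re-run the query in step 1: the goal is no PUBLIC row for these objects.

-- 4. Confirm whether the July 2007 CPU has been applied (10.2 records CPU
--    application in DBA_REGISTRY_HISTORY; the column set is assumed here).
SELECT action_time, action, version, id, comments
  FROM dba_registry_history
 ORDER BY action_time DESC;
```

The revoke is a compensating control, not a fix: the vulnerable code remains on disk and any account that keeps EXECUTE can still trigger it, so the CPU check in the last query is the item that actually closes the finding.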

Related Identifiers

CVE-2007-3853

Affected Products

Oracle Database