PT-2007-5085 · Oracle · Oracle Database
Published: 2007-07-18 · Updated: 2017-07-29 · CVE-2007-3854
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
Oracle Database versions 9.0.1.5 and later, 9.2.0.7, 10.1.0.5
Description:
Oracle Database is affected by unspecified vulnerabilities in the Advanced Queuing and Spatial components. Remote authenticated users can exploit these vulnerabilities, which may allow SQL injection via SYS.DBMS_PRVTAQIS and a buffer overflow via MDSYS.MD.
Recommendations:
For Oracle Database version 9.0.1.5 and later, consider restricting access to the SYS.DBMS_PRVTAQIS and MDSYS.MD components until a patch is available.
For Oracle Database version 9.2.0.7, restrict access to the SYS.DBMS_PRVTAQIS and MDSYS.MD components until a patch is available.
For Oracle Database version 10.1.0.5, restrict access to the SYS.DBMS_PRVTAQIS and MDSYS.MD components until a patch is available.
Affected Products
Oracle Database