CVE-2006-0548
Gravedad CVSS v2.0:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
04/02/2006
Última modificación:
20/07/2017
Descripción
*** Pendiente de traducción *** SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB15 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260.
Impacto
Puntuación base 2.0
7.50
Gravedad 2.0
ALTA
Productos y versiones vulnerables
CPE | Desde | Hasta |
---|---|---|
cpe:2.3:a:oracle:database_server:10.1.0.4.2:r1:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf
- http://www.kb.cert.org/vuls/id/150332
- http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
- http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html
- http://www.us-cert.gov/cas/techalerts/TA06-018A.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24321