CVE-2007-5508
N/A
N/A
Summary
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html
- http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc/
- http://www.vupen.com/english/advisories/2007/3524
- http://www.vupen.com/english/advisories/2007/3626
- http://www.us-cert.gov/cas/techalerts/TA07-290A.html
- http://marc.info/?l=bugtraq&m=119332677525918&w=2
- http://www.securityfocus.com/archive/1/482425/100/0/threaded
- http://securityreason.com/securityalert/3242
- http://www.securityfocus.com/bid/26101
- http://marc.info/?l=bugtraq&m=119332677525918&w=2
- http://www.securitytracker.com/id?1018823
- http://secunia.com/advisories/27409
- http://secunia.com/advisories/27251
References
- http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html
- http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc/
- http://www.vupen.com/english/advisories/2007/3524
- http://www.vupen.com/english/advisories/2007/3626
- http://www.us-cert.gov/cas/techalerts/TA07-290A.html
- http://marc.info/?l=bugtraq&m=119332677525918&w=2
- http://www.securityfocus.com/archive/1/482425/100/0/threaded
- http://securityreason.com/securityalert/3242
- http://www.securityfocus.com/bid/26101
- http://marc.info/?l=bugtraq&m=119332677525918&w=2
- http://www.securitytracker.com/id?1018823
- http://secunia.com/advisories/27409
- http://secunia.com/advisories/27251
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.