CVE-2006-1866
Published Apr 20, 2006
Last updated 6 years ago
Overview
- Description
- Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the (1) Advanced Replication component, as identified by Vuln# DB01, and (2) Oracle Spatial component, as identified by Vuln# DB10. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that DB01 is an unknown issue in the DBMS_REPUTIL package, and DB10 is SQL injection in the INSERT_CATALOG, UPDATE_CATALOG, and DELETE_CATALOG functions of the SDO_CATALOG package.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.7
- Impact score
- 9.5
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B559C62F-88A7-42D3-9629-9F5CAD43F8B6"
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B6C67572-800C-4214-AD12-E9017A9A5BAA"
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7847CEB-DD8D-45A0-B500-95D511110FB3"
},
{
"criteria": "cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03A522A3-07D7-481F-A538-EA3D13256F63"
}
],
"operator": "OR"
}
]
}
]