NVD

Id
57573  
Name
CVE-2007-5508  
Description
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2007-10-17  
Modified Date
2012-10-22  
Seq
2007-5508  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
294641 57573 CVE-2007-5508 SSRT061201  View
294642 57573 CVE-2007-5508 3242  View
294643 57573 CVE-2007-5508 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc/  View
294644 57573 CVE-2007-5508 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html  View
294645 57573 CVE-2007-5508 20071017 Multiple SQL Injection Flaws in Oracle CTX_DOC package  View
294646 57573 CVE-2007-5508 26101  View
294647 57573 CVE-2007-5508 1018823  View
294648 57573 CVE-2007-5508 TA07-290A  View
294649 57573 CVE-2007-5508 ADV-2007-3524  View
294650 57573 CVE-2007-5508 ADV-2007-3626  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
52165 JVNDB-2007-000855 Oracle Database の CTXSYS インターメディアアプリケーションにおける SQL インジェクションの脆弱性 Oracle Database の Oracle Text コンポーネントには、CTXSYS インターメディアアプリケーションにおいて、THEMES および GIST,TOKENS,FILTER,HIGHLIGHT,MARKUP プロシージャを利用した SQL インジェクションの脆弱性が存在します。(DB03) CVE-2007-5508 28863 CVE-2007-5508 57573 6.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000855.html 2007-10-16 2007-10-29 View