CVE-2006-0271 : Detail

CVE-2006-0271

0.96%V3
Network
2006-01-18
10h00 +00:00
2017-07-19
13h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE Other No informations.

Metrics

Metrics Score Severity CVSS Vector Source
V2 10 AV:N/AC:L/Au:N/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Products Mentioned

Configuraton 0

Oracle>>Database_server >> Version 8.1.7.4

Oracle>>Oracle10g >> Version enterprise_10.1.0.4

    Oracle>>Oracle10g >> Version personal_10.1.0.4

      Oracle>>Oracle10g >> Version standard_10.1.0.4

        Oracle>>Oracle8i >> Version enterprise_8.1.7.4

          Oracle>>Oracle8i >> Version standard_8.1.7.4

            Oracle>>Oracle9i >> Version enterprise_9.0.1.5

              Oracle>>Oracle9i >> Version standard_9.2.0.7

                References

                http://secunia.com/advisories/18493
                Tags : third-party-advisory, x_refsource_SECUNIA
                http://www.vupen.com/english/advisories/2006/0323
                Tags : vdb-entry, x_refsource_VUPEN
                http://www.securityfocus.com/bid/16287
                Tags : vdb-entry, x_refsource_BID
                http://www.kb.cert.org/vuls/id/545804
                Tags : third-party-advisory, x_refsource_CERT-VN
                http://www.osvdb.org/22566
                Tags : vdb-entry, x_refsource_OSVDB
                http://securitytracker.com/id?1015499
                Tags : vdb-entry, x_refsource_SECTRACK
                http://www.vupen.com/english/advisories/2006/0243
                Tags : vdb-entry, x_refsource_VUPEN
                http://secunia.com/advisories/18608
                Tags : third-party-advisory, x_refsource_SECUNIA