CVE-2007-3854 : Detail

CVE-2007-3854

2.21%V3
Network
2007-07-18
17h00 +00:00
2017-07-28
10h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE Other No informations.

Metrics

Metrics Score Severity CVSS Vector Source
V2 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Products Mentioned

Configuraton 0

Oracle>>Apex >> Version 1.5.0

    Oracle>>Apex >> Version 1.6.1

      Oracle>>Apex >> Version 2.0

      Oracle>>Apex >> Version 2.2

      Oracle>>Application_server >> Version 1.0.2.2

      Oracle>>Application_server >> Version 9.0.4.3

      Oracle>>Application_server >> Version 10.1.2.0.1

      Oracle>>Application_server >> Version 10.1.2.0.2

      Oracle>>Application_server >> Version 10.1.2.1.0

      Oracle>>Application_server >> Version 10.1.2.2.0

      Oracle>>Application_server >> Version 10.1.3.0.0

      Oracle>>Application_server >> Version 10.1.3.1.0

      Oracle>>Application_server >> Version 10.1.3.2.0

      Oracle>>Application_server >> Version 10.1.3.3.0

      Oracle>>Collaboration_suite >> Version 10.1.2

      Oracle>>Database_server >> Version 9.0.1.5

        Oracle>>Database_server >> Version 9.2.0.7

        Oracle>>Database_server >> Version 9.2.0.8

        Oracle>>Database_server >> Version 9.2.0.8dv

        Oracle>>Database_server >> Version 10.1.0.5

        Oracle>>Database_server >> Version 10.2.0.2

        Oracle>>Database_server >> Version 10.2.0.3

        Oracle>>E-business_suite >> Version 11.5.8

        Oracle>>E-business_suite >> Version 11.5.9

        Oracle>>E-business_suite >> Version 11.5.10

        Oracle>>E-business_suite >> Version 11.5.10.2

        Oracle>>E-business_suite >> Version 12.0.0

        Oracle>>E-business_suite >> Version 12.0.1

        Oracle>>Peoplesoft_enterprise_customer_relationship_management >> Version 8.9

        • Oracle>>Peoplesoft_enterprise_customer_relationship_management >> Version 8.9 (Open CPE detail)

        Oracle>>Peoplesoft_enterprise_customer_relationship_management >> Version 9.0

        • Oracle>>Peoplesoft_enterprise_customer_relationship_management >> Version 9.0 (Open CPE detail)

        Oracle>>Peoplesoft_enterprise_human_capital_management >> Version 8.9

        Oracle>>Peoplesoft_enterprise_human_capital_management >> Version 9.0

        Oracle>>Peoplesoft_enterprise_peopletools >> Version 8.22

        Oracle>>Peoplesoft_enterprise_peopletools >> Version 8.47

        Oracle>>Peoplesoft_enterprise_peopletools >> Version 8.48

        Oracle>>Peoplesoft_enterprise_peopletools >> Version 8.49

        Oracle>>Secure_enterprise_search >> Version 10.1.6

        Oracle>>Secure_enterprise_search >> Version 10.1.8

        References

        http://secunia.com/advisories/26114
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://secunia.com/advisories/26166
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://www.us-cert.gov/cas/techalerts/TA07-200A.html
        Tags : third-party-advisory, x_refsource_CERT
        http://www.vupen.com/english/advisories/2007/2562
        Tags : vdb-entry, x_refsource_VUPEN
        http://www.vupen.com/english/advisories/2007/2635
        Tags : vdb-entry, x_refsource_VUPEN
        http://www.securitytracker.com/id?1018415
        Tags : vdb-entry, x_refsource_SECTRACK