Schema Privilege Bypass in Apache Derby by The Apache Software Foundation
CVE-2006-7217
Currently unrated
Summary
Apache Derby versions prior to 10.2.1.6 do not correctly determine the schema privilege requirements during the DropSchemaNode bind phase. When the database runs in SQL authorization mode, this oversight permits remote authenticated users to execute unauthorized DROP SCHEMA statements, compromising the database's integrity and potentially leading to severe data loss.