CVE-2007-3854

Currently unrated

Key Information:

Vendor: Oracle
Status: Database Server; Application Server; Peoplesoft Enterprise Customer Relationship Management; Peoplesoft Enterprise Peopletools
Vendor: CVE Published:; 18 July 2007

Summary

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

http://secunia.com/advisories/26114

third-party-advisoryx_refsource_SECUNIA

http://www.red-database-security.com/advisory/oracle_sql_...

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 18, 2007
Vulnerability Reserved
Jul 18, 2007