CVE-2007-3860

Currently unrated

Key Information:

Vendor: Oracle
Status: Apex
Vendor: CVE Published:; 18 July 2007

Summary

Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

http://secunia.com/advisories/26114

third-party-advisoryx_refsource_SECUNIA

http://securityreason.com/securityalert/2901

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Jul 18, 2007
Vulnerability Reserved
Jul 18, 2007