CVE-2006-3702

Name: CVE-2006-3702
Creator: NVD / NIST
Published: 2006-07-21T14:03:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.23%

Last modified Jun 16, 2026

CVE-2006-3702 is a vulnerability of currently unknown severity. Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719, Oracle has not disputed third party claims that DB06 is related to "SQL injection" using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA, in which case DB06 might be CVE-2006-2081.. EPSS estimates a 4.23% chance of exploitation in the next 30 days.

Description

Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719, Oracle has not disputed third party claims that DB06 is related to "SQL injection" using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA, in which case DB06 might be CVE-2006-2081.

Metrics

EPSS Probability

4.23%

89.8th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Oracle	Database Server	8.1.7.4
Oracle	Database Server	9.2.0.7
Oracle	Database Server	10.1.0.5
Oracle	Database Server	10.2.0.2

References

http://secunia.com/advisories/21111Vendor Advisory
http://secunia.com/advisories/21165Vendor Advisory
http://securitytracker.com/id?1016529
http://www.kb.cert.org/vuls/id/932124US Government Resource
http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html
http://www.red-database-security.com/advisory/oracle_cpu_july_2006.htmlPatch, Vendor Advisory
http://www.red-database-security.com/exploits/oracle-sql-injection-oracle-dbms_export_extension.html
http://www.securityfocus.com/archive/1/440758/100/100/threaded
http://www.securityfocus.com/bid/19054Patch
http://www.us-cert.gov/cas/techalerts/TA06-200A.htmlUS Government Resource
http://www.vupen.com/english/advisories/2006/2863Vendor Advisory
http://www.vupen.com/english/advisories/2006/2947Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27897
http://secunia.com/advisories/21111Vendor Advisory
http://secunia.com/advisories/21165Vendor Advisory
http://securitytracker.com/id?1016529
http://www.kb.cert.org/vuls/id/932124US Government Resource
http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html
http://www.red-database-security.com/advisory/oracle_cpu_july_2006.htmlPatch, Vendor Advisory
http://www.red-database-security.com/exploits/oracle-sql-injection-oracle-dbms_export_extension.html
http://www.securityfocus.com/archive/1/440758/100/100/threaded
http://www.securityfocus.com/bid/19054Patch
http://www.us-cert.gov/cas/techalerts/TA06-200A.htmlUS Government Resource
http://www.vupen.com/english/advisories/2006/2863Vendor Advisory
http://www.vupen.com/english/advisories/2006/2947Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27897

Timeline

Published: Jul 21, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-3702?

How severe is CVE-2006-3702?

Severity scoring for CVE-2006-3702 is pending analysis. The EPSS model estimates a 4.23% probability of exploitation in the next 30 days.

How do I fix CVE-2006-3702?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-3702?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST