CVE-2006-7141
Last modified
CVE-2006-7141 is a vulnerability of currently unknown severity. Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability. EPSS estimates a 5.65% chance of exploitation in the next 30 days.
Description
Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Database Server | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-7141?
How severe is CVE-2006-7141?
How do I fix CVE-2006-7141?
Are you affected by CVE-2006-7141?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST