CVE-2007-3854
Last modified
CVE-2007-3854 is a vulnerability of currently unknown severity. Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.. EPSS estimates a 2.53% chance of exploitation in the next 30 days.
Description
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Oracle | Apex | 1.5.0 | — |
| Oracle | Apex | 1.6.1 | — |
| Oracle | Apex | 2.0 | — |
| Oracle | Apex | 2.2 | — |
| Oracle | Application Server | 1.0.2.2 | R2 |
| Oracle | Application Server | 9.0.4.3 | — |
| Oracle | Application Server | 10.1.2.0.1 | — |
| Oracle | Application Server | 10.1.2.0.2 | — |
| Oracle | Application Server | 10.1.2.1.0 | — |
| Oracle | Application Server | 10.1.2.2.0 | — |
| Oracle | Application Server | 10.1.3.0.0 | — |
| Oracle | Application Server | 10.1.3.1.0 | — |
| Oracle | Application Server | 10.1.3.2.0 | — |
| Oracle | Application Server | 10.1.3.3.0 | — |
| Oracle | Collaboration Suite | 10.1.2 | — |
| Oracle | Database Server | 9.0.1.5 | — |
| Oracle | Database Server | 9.2.0.7 | R2 |
| Oracle | Database Server | 9.2.0.8 | R2 |
| Oracle | Database Server | 9.2.0.8dv | R2 |
| Oracle | Database Server | 10.1.0.5 | — |
| Oracle | Database Server | 10.2.0.2 | R2 |
| Oracle | Database Server | 10.2.0.3 | R2 |
| Oracle | E-Business Suite | 11.5.8 | — |
| Oracle | E-Business Suite | 11.5.9 | — |
| Oracle | E-Business Suite | 11.5.10 | — |
| Oracle | E-Business Suite | 11.5.10.2 | — |
| Oracle | E-Business Suite | 12.0.0 | — |
| Oracle | E-Business Suite | 12.0.1 | — |
| Oracle | Peoplesoft Enterprise Customer Relationship Management | 8.9 | — |
| Oracle | Peoplesoft Enterprise Customer Relationship Management | 9.0 | — |
| Oracle | Peoplesoft Enterprise Human Capital Management | 8.9 | — |
| Oracle | Peoplesoft Enterprise Human Capital Management | 9.0 | — |
| Oracle | Peoplesoft Enterprise Peopletools | 8.22 | — |
| Oracle | Peoplesoft Enterprise Peopletools | 8.47 | — |
| Oracle | Peoplesoft Enterprise Peopletools | 8.48 | — |
| Oracle | Peoplesoft Enterprise Peopletools | 8.49 | — |
| Oracle | Secure Enterprise Search | 10.1.6 | — |
| Oracle | Secure Enterprise Search | 10.1.8 | — |
References
- http://secunia.com/advisories/26114Patch, Vendor Advisory
- http://secunia.com/advisories/26166Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA07-200A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2007/2562Vendor Advisory
- http://www.vupen.com/english/advisories/2007/2635Vendor Advisory
- http://secunia.com/advisories/26114Patch, Vendor Advisory
- http://secunia.com/advisories/26166Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA07-200A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2007/2562Vendor Advisory
- http://www.vupen.com/english/advisories/2007/2635Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-3854?
How severe is CVE-2007-3854?
How do I fix CVE-2007-3854?
Are you affected by CVE-2007-3854?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST