Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.
Published 2003-10-20 04:00:00
Updated 2017-09-28 01:29:00
Source MITRE
View at NVD,   CVE.org
Vulnerability category: Denial of service

Products affected by CVE-2003-0727

Exploit prediction scoring system (EPSS) score for CVE-2003-0727

93.21%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2003-0727

  • Oracle 9i XDB FTP PASS Overflow (win32)
    Disclosure Date: 2003-08-18
    First seen: 2020-04-26
    exploit/windows/ftp/oracle9i_xdb_ftp_pass
    By passing an overly long string to the PASS command, a stack based buffer overflow occurs. David Litchfield, has illustrated multiple vulnerabilities in the Oracle 9i XML Database (XDB), during a seminar on "Variations in exploit methods between Linux and
  • Oracle 9i XDB FTP UNLOCK Overflow (win32)
    Disclosure Date: 2003-08-18
    First seen: 2020-04-26
    exploit/windows/ftp/oracle9i_xdb_ftp_unlock
    By passing an overly long token to the UNLOCK command, a stack based buffer overflow occurs. David Litchfield, has illustrated multiple vulnerabilities in the Oracle 9i XML Database (XDB), during a seminar on "Variations in exploit methods between Linux and
  • Oracle 9i XDB HTTP PASS Overflow (win32)
    Disclosure Date: 2003-08-18
    First seen: 2020-04-26
    exploit/windows/http/oracle9i_xdb_pass
    This module exploits a stack buffer overflow in the authorization code of the Oracle 9i HTTP XDB service. David Litchfield, has illustrated multiple vulnerabilities in the Oracle 9i XML Database (XDB), during a seminar on "Variations in exploit methods betw

CVSS scores for CVE-2003-0727

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
2.1
LOW AV:L/AC:L/Au:N/C:N/I:N/A:P
3.9
2.9
NIST
Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!