Vulnerability Details : CVE-2007-2109
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka "Oracle Streams".
Vulnerability category: Sql Injection
Products affected by CVE-2007-2109
- cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*
Threat overview for CVE-2007-2109
Top countries where our scanners detected CVE-2007-2109
Top open port discovered on systems with this issue
1521
IPs affected by CVE-2007-2109 147
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2007-2109!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2007-2109
0.92%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-2109
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
NIST |
References for CVE-2007-2109
-
http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf
-
http://www.securitytracker.com/id?1017927
-
http://www.us-cert.gov/cas/techalerts/TA07-108A.html
US Government Resource
-
http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html
-
http://www.securityfocus.com/bid/23532
-
http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
-
http://www.vupen.com/english/advisories/2007/1426
Vendor Advisory
-
http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf
-
http://www.securityfocus.com/archive/1/466329/100/200/threaded
Jump to