Vulnerability Details : CVE-2009-1991
Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to CTXSYS.DRVXTABC. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an established researcher that this is for multiple SQL injection vulnerabilities via the (1) idx_owner or (2) idx_name parameters to the create_tables procedure.
Vulnerability category: Sql Injection
Products affected by CVE-2009-1991
- cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:9.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:9.2.0.8dv:*:*:*:*:*:*:*
Threat overview for CVE-2009-1991
Top countries where our scanners detected CVE-2009-1991
Top open port discovered on systems with this issue
1521
IPs affected by CVE-2009-1991 126
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2009-1991!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2009-1991
17.73%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1991
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.6
|
LOW | AV:N/AC:H/Au:S/C:P/I:P/A:N |
3.9
|
4.9
|
NIST |
References for CVE-2009-1991
-
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
Page not found | Oracle
-
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
Oracle Updates for Multiple Vulnerabilities | CISAUS Government Resource
-
http://www.securityfocus.com/bid/36748
-
http://www.securitytracker.com/id?1023057
Jump to