[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2012-3132

Date: (C)2012-08-10   (M)2016-04-05
 
CVSS Score: 6.5Access Vector: NETWORK
Exploitability Subscore: 8.0Access Complexity: LOW
Impact Subscore: 6.4Authentication: SINGLE_INSTANCE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS.

Reference:
SECTRACK-1027367
IAVM:2012-A-0166
MDVSA-2013:150
http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html
http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/
https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132

CPE    6
cpe:/a:oracle:database_server:10.2.0.3
cpe:/a:oracle:database_server:10.2.0.4
cpe:/a:oracle:database_server:10.2.0.5
cpe:/a:oracle:database_server:11.2.0.2
...
CWE    1
CWE-89

© 2013 SecPod Technologies