CVE-2007-5508 Information

Feb 14, 2021 cve

Description

Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES (2) GIST (3) TOKENS (4) FILTER (5) HIGHLIGHT and (6) MARKUP procedures aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.

Reference

http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3242 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc/ http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482425/100/0/threaded http://www.securityfocus.com/bid/26101 http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007/3524 http://www.vupen.com/english/advisories/2007/3626

Share on: