CVE-2006-0435

Severity

75%

Complexity

99%

Confidentiality

106%

Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01.

Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Oracle

First reported 19 years ago

2006-01-26 11:07:00

Last updated 6 years ago

2018-10-19 15:44:00

Affected Software

Oracle Application Server

Oracle Application Server 9i 1.0.2

1.0.2

Oracle Internet Application Server 1.0.2.0

1.0.2.0

Oracle Internet Application Server 1.0.2.1

1.0.2.1

Oracle Application Server 9i 1.0.2.1s

1.0.2.1s

Oracle Application Server 9i 1.0.2.2

1.0.2.2

Oracle Oracle9i Application Server 1.0.2.2.2

1.0.2.2.2

Oracle Application Server 9i 9.0.2

9.0.2

Oracle Oracle9i Application Server 9.0.2.0.0

9.0.2.0.0

Oracle Oracle9i Application Server 9.0.2.0.1

9.0.2.0.1

Oracle Oracle10g Application Server 9.0.2.1

9.0.2.1

Oracle Oracle9i Application Server 9.0.2.2

9.0.2.2

Oracle Application Server 10g 9.0.2.3

9.0.2.3

Oracle Oracle9i Application Server 9.0.3

9.0.3

Oracle Application Server 10g 9.0.3.1

9.0.3.1

Oracle Oracle10g Application Server 9.0.4.0

9.0.4.0

Oracle Application Server 10g 9.0.4.1

9.0.4.1

Oracle Application Server 10g 9.0.4.2

9.0.4.2

Oracle Oracle9i Application Server 9.2.0.6

9.2.0.6

Oracle Oracle9i Application Server 9.2.0.7

9.2.0.7

Oracle Oracle10g Application Server 10.1.0.2

10.1.0.2

Oracle Oracle10g Application Server 10.1.0.3

10.1.0.3

Oracle Oracle10g Application Server 10.1.0.3.1

10.1.0.3.1

Oracle Oracle10g Application Server 10.1.0.4

10.1.0.4

Oracle Oracle10g Application Server 10.1.2

10.1.2

Oracle Application Server 10g 10.1.2.0.2

10.1.2.0.2

Oracle Application Server 10g 10.1.2.1.0

10.1.2.1.0

Oracle Oracle10g Application Server 10.1.2 .0.1

10.1.2_.0.1

Oracle HTTP Server 1.0.2.0

1.0.2.0

Oracle HTTP Server 1.0.2.1

1.0.2.1

Oracle HTTP Server 1.0.2.2

1.0.2.2

Oracle HTTP Server 8.1.7

8.1.7

Oracle HTTP Server 9.0.1

9.0.1

Oracle HTTP Server 9.0.2

9.0.2

Oracle HTTP Server 9.0.2.3

9.0.2.3

Oracle HTTP Server 9.0.3.1

9.0.3.1

Oracle HTTP Server 9.1

9.1

Oracle HTTP Server 9.2.0

9.2.0

References

20060202 The History of the Oracle PLSQL Gateway Flaw

20060202 More on the workaround for the unpatched Oracle PLSQL Gateway flaw

20060125 Workaround for unpatched Oracle PLSQL Gateway flaw

18621

19712

Vendor Advisory

19859

Vendor Advisory

402

403

1015544

1015961

Patch

VU#169164

US Government Resource

http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html

http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html

22719

20060125 Workaround for unpatched Oracle PLSQL Gateway flaw

20060131 Re: Workaround for unpatched Oracle PLSQL Gateway flaw

20060202 The History of the Oracle PLSQL Gateway Flaw

20060202 More on the workaround for the unpatched Oracle PLSQL Gateway flaw

20060208 Re: Workaround for unpatched Oracle PLSQL Gateway flaw

SSRT061148

16384

ADV-2006-0338

Vendor Advisory

ADV-2006-1397

Vendor Advisory

ADV-2006-1571

Vendor Advisory

oracle-plsql-command-execution(24363)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.