CNNVD-ID编号 | CNNVD-200610-276 |
CVE编号 | CVE-2006-5332 |
发布时间 | 2006-10-17 |
更新时间 | 2006-10-30 |
漏洞类型 | SQL注入 |
漏洞来源 | Oracle credits the following people with the discovery of these vulnerabilities: Johannes Fahrenkrug; Sacha Faust of S.P.I. Dynamics, Inc.; Esteban Martinez Fayo of Application Security, Inc.; Alexander Kornbrust of Red Database Security GmbH; David Litch |
危险等级 | 超危 |
威胁类型 | 远程 |
厂 商 | oracle |
Oracle Database 9.2.0.6和10.1.0.4的XMLDB组件中的xdb.dbms_xdbz存在未明漏洞,具有未知的影响和不明远程认证攻击向量。
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
Oracle HTML DB 1.5
Oracle apex_2.2.1.zip
http://www.oracle.com/technology/software/htdocs/devlic.html?url=
http: //download.oracle.com/otn/java/appexpress/apex_2.2.1.zip
Oracle HTML DB 1.6.1
Oracle apex_2.2.1.zip
http://www.oracle.com/technology/software/htdocs/devlic.html?url=
http: //download.oracle.com/otn/java/appexpress/apex_2.2.1.zip
Oracle HTML DB 2.0
Oracle apex_2.2.1.zip
http://www.oracle.com/technology/software/htdocs/devlic.html?url=
http: //download.oracle.com/otn/java/appexpress/apex_2.2.1.zip
来源: TA06-291A
名称: TA06-291A
来源: VU#717140
名称: VU#717140
来源: BID
名称: 20588
来源: www.oracle.com
链接:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html
来源: VUPEN
名称: ADV-2006-4065
来源: BUGTRAQ
名称: 20061018 Analysis of the Oracle October 2006 Critical Patch Update
链接:http://www.securityfocus.com/archive/1/archive/1/449110/100/0/threaded
来源: MISC
链接:http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html
来源: MISC
链接:http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf
来源: SECTRACK
名称: 1017077
来源: SECUNIA
名称: 22396
来源: HP
名称: HPSBMA02133
链接:http://www.securityfocus.com/archive/1/archive/1/449711/100/0/threaded
来源: BUGTRAQ
名称: 20061023 SQL Injection in package XDB.DBMS_XDBZ0
链接:http://www.securityfocus.com/archive/1/archive/1/449510/100/0/threaded