Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0637

CWE-94 — Code Injection4 documents4 sources

Severity

6.5MEDIUM

EPSS

19.3%

top 4.63%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Oracle8i Oracle Oracle9i

Timeline

PublishedSep 2

Latest updateApr 29

Description

Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

▶NVDoracle/oracle8ienterprise_8.1.7_.4, standard_8.1.7_.4+1

▶NVDoracle/oracle9i4 versions+3

Patches

Patch: secunia.com ↗Patch: www.idefense.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-mjf8-rrmf-q848: Oracle Database Server 8↗2022-04-29

▶

CVEList

CVE-2004-0637: Oracle Database Server 8↗2005-04-14

▶

💥Exploits & PoCs

Exploit-DB

Oracle Database Server 8.1.7/9.0.x - ctxsys.driload Access Validation↗2004-09-03

▶