CVE-2006-0435Oracle Application Server vulnerability

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
3.2%
top 13.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Application ServerOracle Http Server
Timeline
PublishedJan 26
Latest updateMay 1

Description

Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDoracle/application_server27 versions+26
NVDoracle/http_server12 versions+11

Patches

Patch: securitytracker.comPatch: securitytracker.com

🔴Vulnerability Details

2
GHSA
GHSA-rwxq-ghr2-v6c9: Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 92022-05-01
CVEList
CVE-2006-0435: Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 92006-01-26
CVE-2006-0435 — Oracle Application Server vulnerability | cvebase