CVE-2006-7067 — Oracle Database Server vulnerability

3 documents3 sources

Severity

6.0MEDIUMNVD

EPSS

2.7%

top 14.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database Server

Timeline

PublishedMar 2

Latest updateMay 1

Description

Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an "integer overflow" in the original source, but this might be incorrect.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.5 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/database_server10.2.1

🔴Vulnerability Details

GHSA

GHSA-wvcx-5c9f-gcjj: Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session s↗2022-05-01

▶

CVEList

CVE-2006-7067: Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session s↗2007-02-27

▶