Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0991

4 documents4 sources

Severity

5.0MEDIUM

EPSS

50.5%

top 2.15%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Database 10G Oracle Database 11G Oracle Database 9I

Timeline

PublishedApr 15

Latest updateMay 2

Description

Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-1970.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDoracle/database_9i9.2.0.8, 9.2.0.8dv+1

▶NVDoracle/database_10g10.1.0.5, 10.2.0.4+1

▶NVDoracle/database_11g11.1.0.7

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-cfhm-pj55-pf52: Unspecified vulnerability in the Listener component in Oracle Database 9↗2022-05-02

▶

CVEList

CVE-2009-0991: Unspecified vulnerability in the Listener component in Oracle Database 9↗2009-04-15

▶

💥Exploits & PoCs

Exploit-DB

Oracle RDBms 10.2.0.3/11.1.0.6 - TNS Listener (PoC)↗2009-04-21

▶