Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1020 — Oracle Database Server vulnerability

5 documents4 sources

Severity

9.0CRITICALNVD

EPSS

3.5%

top 12.43%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Database Server

Timeline

PublishedJul 14

Latest updateMay 2

Description

Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/database_server5 versions+4

🔴Vulnerability Details

GHSA

GHSA-vrm2-pjvc-7wp9: Unspecified vulnerability in the Network Foundation component in Oracle Database 9↗2022-05-02

▶

CVEList

CVE-2009-1020: Unspecified vulnerability in the Network Foundation component in Oracle Database 9↗2009-07-14

▶

💥Exploits & PoCs

Exploit-DB

Oracle 9i/10g Database - Network Foundation Remote Overflow↗2009-06-14

▶

Exploit-DB

32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow↗2009-05-05

▶