Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1970 — Oracle Database 10G vulnerability

8 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

11.9%

top 6.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Database 10G Oracle Database 11G Oracle Database 9I +1 more

Timeline

PublishedJul 14

Latest updateMay 2

Description

Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-0991.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDoracle/database_9i9.2.0.8, 9.2.0.8dv+1

▶NVDoracle/database_10g10.1.0.5, 10.2.0.4+1

▶NVDoracle/database_11g11.1.0.7

▶NVDoracle/database_server5 versions+4

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-cfhm-pj55-pf52: Unspecified vulnerability in the Listener component in Oracle Database 9↗2022-05-02

▶

GHSA

GHSA-rgvf-r288-6rqr: Unspecified vulnerability in the Listener component in Oracle Database 9↗2022-05-02

▶

CVEList

CVE-2009-1970: Unspecified vulnerability in the Listener component in Oracle Database 9↗2009-07-14

▶

CVEList

CVE-2009-0991: Unspecified vulnerability in the Listener component in Oracle Database 9↗2009-04-15

▶

💥Exploits & PoCs

Exploit-DB

Oracle 9i/10g Database - TNS Command Remote Denial of Service↗2009-06-14

▶