Vulnerability Name: CVE-2005-3439 (CCN-22937) Assigned: 2005-10-18 Published: 2005-10-18 Updated: 2012-10-23 Summary: Multiple unspecified vulnerabilities in Oracle Database Server 10g up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB02, (2) DB03, and (3) DB05 in Change Data Capture; (4) DB07 in Data Pump Export; and (5) DB18, (6) DB19, (7) DB20, (8) DB21, (9) DB22, (10) DB23, (11) DB24, and (12) DB25 in the Spatial component. CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: MITRECVE-2005-3437 CVE-2005-3438 CVE-2005-3439 CVE-2005-3440 CVE-2005-3441 CVE-2005-3442 CVE-2005-3443 CVE-2005-3444 CVE-2005-3445 CVE-2005-3446 CVE-2005-3447 CVE-2005-3448 CVE-2005-3449 CVE-2005-3450 CVE-2005-3451 CVE-2005-3452 CVE-2005-3453 CVE-2005-3454 CVE-2005-3455 CVE-2005-3456 CVE-2005-3457 CVE-2005-3458 CVE-2005-3459 CVE-2005-3460 CVE-2005-3461 CVE-2005-3462 CVE-2005-3463 CVE-2005-3464 CVE-2005-3465 CVE-2005-3466 17250 Oracle E-Business Suite Applications Technology Stack vulnerability Oracle Application Server SQL*ReportWriter vulnerability VU#210524 Oracle Human Resource Management System vulnerability Oracle Application Server Internet Directory vulnerability Oracle Application Server Web Cache vulnerability Oracle E-Business Suite Applications Utilities vulnerability Oracle Enterprise Manager Oracle Agent contains a buffer overflow Oracle HTTP Server vulnerability Oracle Critical Patch Update Advisory - October 2005 http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html Oracle Database PL/SQL sys.standard Unspecified SQL Issue Oracle Database Change Data Capture sys.dbms_cdc_impdp Unspecified Trivial SQL Issue Oracle Database Change Data Capture sys.dbms_cdc_impdp Unspecified Difficult SQL Issue Oracle Database Change Data Capture sys.dbms_cdc_dputil Unspecified SQL Issue Oracle Database Data Pump Export sys.kupf$file Unspecified Trivial SQL Issue Oracle Database Scheduler sys.dbms_scheduler Unspecified Difficult SQL Issue Oracle Database Export sys.dbms_export_extension Unspecified Trivial SQL Issue Oracle Database Materialized Views sys.dbms_snapshot Unspecified SQL Issue (DB11) Oracle Database Intelligent Agent Unspecified Local Issue Oracle Database Security Service Unspecified Remote Issue Oracle Database Spatial mdsys.sdo_idx Unspecified Difficult SQL Issue Oracle Database Spatial mdsys.sdo_rtree_admin Unspecified SQL Issue Oracle Database Spatial mdsys.sdo_tune Unspecified SQL Issue Oracle Database Spatial mdsys.sdo_util Unspecified SQL Issue Oracle Database Spatial mdsys.sdo_join Unspecified SQL Issue Oracle Database Spatial mdsys.sdo_sam Unspecified SQL Issue Oracle Database Spatial mdsys.prvt_sam Unspecified SQL Issue Oracle Database Spatial mdsys.prvt_idx Unspecified SQL Issue (DB21) Oracle Database Spatial mdsys.md2 Unspecified SQL Issue Oracle Database Spatial mdsys.rtree_idx Unspecified SQL Issue Oracle Database Spatial mdsys.sdo_idx Unspecified Trivial SQL Issue Oracle Database Spatial mdsys.prvt_idx Unspecified SQL Issue (DB25) Oracle Database Programmatic Interface alter session Unspecified SQL Issue Oracle Database/Application HTTP Server Unspecified Local Issue Oracle Database/Application HTTP Server Unspecified Remote Issue Oracle Database/Application Server Internet Directory Unspecified Local Issue Oracle Database/Application Server Single Sign-on (SSO) Unspecified Local Issue Oracle Application Server OC4J Module HTTP Unspecified Trivial Remote Information Disclosure Oracle Application Server Containers for J2EE Unspecified Trivial Remote DoS Oracle Application HTTP Server Unspecified Trivial Remote Information Disclosure Oracle Application Server Internet Directory Unspecified Remote HTTP Issue Oracle Application Report Server HTTP Unspecified Trivial Remote Information Disclosure Oracle Application Server SQL*ReportWriter Unspecified HTTP Issue Oracle Application Server Web Cache HTTP Unspecified Trivial Information Disclosure Oracle Application Server Web Cache HTTP Unspecified Difficult Issue Oracle Application Server Web Cache Administrator HTTP Unspecified Issue Oracle Application Server Web Cache Unspecified Trivial Remote DoS Oracle Collaboration Suite Calendar Module Unauthenticated Remote Issue Oracle Collaboration Suite Calendar Module Unspecified Trivial Local Information Disclosure Oracle Collaboration Suite Calendar Module HTTP Authenticated Trivial Information Disclosure Oracle Collaboration Suite Calendar Module Unspecified Trivial Remote Information Disclosure Oracle Collaboration Suite Email Server Unspecified Local Trivial Information Disclosure Oracle Collaboration Suite Email Server IMAP Unauthenticated Trivial DoS Oracle Collaboration Suite Email Server IMAP Authenticated Information Disclosure Oracle Collaboration Suite Email Server EMAIL Unspecified Remote Issue Oracle Collaboration Suite Email Server EMAIL Unspecified Remote Issue Oracle Collaboration Suite Email Server EMAIL Unspecified Remote Trivial DoS Oracle Collaboration Suite Files Component Unspecified Local Issue Oracle Collaboration Suite Files Component Trivial FTP DoS Oracle Collaboration Suite Files Component Trivial NFS DoS Oracle E-Business Suite/Applications Unspecified Local Log File Issue Oracle E-Business Suite/Applications Application Object Library HTTP Unauthenticated Trivial Disclosure (APPS02) Oracle E-Business Suite/Applications Application Object Library HTTP Authenticated Difficult Issue Oracle E-Business Suite/Applications Application Object Library HTTP Unauthenticated Trivial Disclosure (APPS04) Oracle E-Business Suite/Applications Applications Technology Stack HTTP Trivial Information Disclosure Oracle E-Business Suite/Applications Applications Technology Stack HTTP Unspecified Issue Oracle E-Business Suite/Applications Applications Utilities HTTP Unspecified Issue Oracle E-Business Suite/Applications HRMS (Self Service) Authenticated Unspecified Issue (APPS08) Oracle E-Business Suite/Applications HRMS (Self Service) Authenticated Unspecified Issue (APPS09) Oracle E-Business Suite/Applications HRMS (Self Service) Authenticated Unspecified Issue (APPS10) Oracle E-Business Suite/Applications HRMS (UK) HTTP Unspecified Issue Oracle E-Business Suite/Applications Mobile Application Foundation Authenticated Local Issue Oracle E-Business Suite/Applications SDP Number Portability Authenticated Local Issue Oracle E-Business Suite/Applications Service Authenticated Local Issue Oracle E-Business Suite/Applications Service Fulfillment Manager Authenticated HTTP Issue Oracle E-Business Suite/Applications Universal Work Queue Authenticated HTTP Issue Oracle E-Business Suite/Applications Workflow Cartridge Authenticated HTTP Trivial Information Disclosure (APPS17) Oracle E-Business Suite/Applications Workflow Cartridge Authenticated HTTP Trivial Information Disclosure (APPS18) Oracle E-Business Suite/Applications Workflow Cartridge Authenticated HTTP Trivial Information Disclosure (APPS19) Oracle E-Business Suite/Applications Workflow Cartridge Unauthenticated Unspecified Local Issue Oracle E-Business Suite/Applications Workflow Cartridge Authenticated HTTP Trivial Information Disclosure (APPS21) Oracle E-Business Suite/Applications Clinical Forms Authenticated Issue Oracle Enterprise Manager Agent Overflow Oracle PeopleSoft Enterprise PeopleTools Authenticated Difficult Remote Issue Oracle PeopleSoft Enterprise PeopleTools Authenticated Trivial Limited Impact Issue Oracle PeopleSoft Enterprise PeopleTools Authenticated Trivial Wide Impact Issue Oracle PeopleSoft Enterprise PeopleTools Authenticated Trivial Remote Information Disclosure Oracle PeopleSoft Enterprise JDEdwards HTML Server Unauthenticated Remote Issue Oracle PeopleSoft Enterprise Enterprise CRM Sales Authenticated Remote Issue 15134 TA05-292A oracle-october2005-update(22937) Vulnerable Configuration: Configuration 1 :cpe:/a:oracle:database_server:10.1.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.1.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.1.0.4.2:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2.0.6:r2:*:*:*:*:*:* OR cpe:/a:oracle:database_server:8.0.6.3:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.1.0.3:r1:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:1.0.2.2:r1:*:*:*:*:*:* OR cpe:/a:oracle:collaboration_suite:9.0.4.2:r2:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.0.1.5:*:fips:*:*:*:*:* OR cpe:/a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.0:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_grid_control:10.1.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_application_server_control:9.0.4.1:*:*:*:*:*:*:* OR cpe:/a:oracle:developer_suite:9.0.4.1:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_grid_control:10.1.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:10.1.2.0.0:r2:*:*:*:*:*:* OR cpe:/a:oracle:application_server:10.1.2.0.1:r2:*:*:*:*:*:* OR cpe:/a:oracle:application_server:10.1.2.0.2:r2:*:*:*:*:*:* OR cpe:/a:oracle:clinical:4.5.0:*:*:*:*:*:*:* OR cpe:/a:oracle:clinical:4.5.1:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.10:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.1.0.4.2:r1:*:*:*:*:*:* OR cpe:/a:oracle:developer_suite:9.0.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:developer_suite:9.0.4.2:*:*:*:*:*:*:* OR cpe:/a:oracle:developer_suite:9.0.4.3:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_customer_relationship_management:8.9:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_application_server_control:9.0.4.2:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_customer_relationship_management:8.81:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_tools:8.46:ga:*:*:*:*:*:* BACK
oracle database server 10.1.0.3
oracle database server 10.1.0.4
oracle database server 10.1.0.4.2
oracle database server 8.1.7.4
oracle database server 9.2.0.6 r2
oracle database server 8.0.6.3
oracle database server 10.1.0.3 r1
oracle application server 9.0.4.1
oracle application server 1.0.2.2 r1
oracle collaboration suite 9.0.4.2 r2
oracle database server 9.0.1.5
oracle database server 10.1.0.4 r1
oracle e-business suite 11.0
oracle enterprise manager grid control 10.1.0.3
oracle enterprise manager application server control 9.0.4.1
oracle developer suite 9.0.4.1
oracle application server 9.0.4.2
oracle enterprise manager grid control 10.1.0.4
oracle application server 10.1.2.0.0 r2
oracle application server 10.1.2.0.1 r2
oracle application server 10.1.2.0.2 r2
oracle clinical 4.5.0
oracle clinical 4.5.1
oracle database server 9.2.0.7 r2
oracle e-business suite 11.5.10
oracle database server 10.1.0.4.2 r1
oracle developer suite 9.0.2.1
oracle developer suite 9.0.4.2
oracle developer suite 9.0.4.3
oracle peoplesoft enterprise customer relationship management 8.9
oracle e-business suite 11.5.1
oracle e-business suite 11.5.2
oracle e-business suite 11.5.3
oracle e-business suite 11.5.4
oracle e-business suite 11.5.5
oracle e-business suite 11.5.6
oracle e-business suite 11.5.7
oracle e-business suite 11.5.8
oracle e-business suite 11.5.9
oracle enterprise manager application server control 9.0.4.2
oracle peoplesoft enterprise customer relationship management 8.81
oracle peoplesoft enterprise tools 8.46 ga
Denotes that component is vulnerable