Vulnerability Name:

CVE-2005-3446 (CCN-22937)

Assigned:2005-10-18
Published:2005-10-18
Updated:2012-10-23
Summary:Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0 has unknown impact and attack vectors, aka Oracle Vuln# DB32 and AS06.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-3437

Source: MITRE
Type: CNA
CVE-2005-3438

Source: MITRE
Type: CNA
CVE-2005-3439

Source: MITRE
Type: CNA
CVE-2005-3440

Source: MITRE
Type: CNA
CVE-2005-3441

Source: MITRE
Type: CNA
CVE-2005-3442

Source: MITRE
Type: CNA
CVE-2005-3443

Source: MITRE
Type: CNA
CVE-2005-3444

Source: MITRE
Type: CNA
CVE-2005-3445

Source: MITRE
Type: CNA
CVE-2005-3446

Source: MITRE
Type: CNA
CVE-2005-3447

Source: MITRE
Type: CNA
CVE-2005-3448

Source: MITRE
Type: CNA
CVE-2005-3449

Source: MITRE
Type: CNA
CVE-2005-3450

Source: MITRE
Type: CNA
CVE-2005-3451

Source: MITRE
Type: CNA
CVE-2005-3452

Source: MITRE
Type: CNA
CVE-2005-3453

Source: MITRE
Type: CNA
CVE-2005-3454

Source: MITRE
Type: CNA
CVE-2005-3455

Source: MITRE
Type: CNA
CVE-2005-3456

Source: MITRE
Type: CNA
CVE-2005-3457

Source: MITRE
Type: CNA
CVE-2005-3458

Source: MITRE
Type: CNA
CVE-2005-3459

Source: MITRE
Type: CNA
CVE-2005-3460

Source: MITRE
Type: CNA
CVE-2005-3461

Source: MITRE
Type: CNA
CVE-2005-3462

Source: MITRE
Type: CNA
CVE-2005-3463

Source: MITRE
Type: CNA
CVE-2005-3464

Source: MITRE
Type: CNA
CVE-2005-3465

Source: MITRE
Type: CNA
CVE-2005-3466

Source: SECUNIA
Type: UNKNOWN
17250

Source: CCN
Type: US-CERT VU#150508
Oracle E-Business Suite Applications Technology Stack vulnerability

Source: CCN
Type: US-CERT VU#171364
Oracle Application Server SQL*ReportWriter vulnerability

Source: CERT-VN
Type: US Government Resource
VU#210524

Source: CCN
Type: US-CERT VU#265700
Oracle Human Resource Management System vulnerability

Source: CCN
Type: US-CERT VU#376756
Oracle Application Server Internet Directory vulnerability

Source: CCN
Type: US-CERT VU#512716
Oracle Application Server Web Cache vulnerability

Source: CCN
Type: US-CERT VU#609340
Oracle E-Business Suite Applications Utilities vulnerability

Source: CCN
Type: US-CERT VU#865948
Oracle Enterprise Manager Oracle Agent contains a buffer overflow

Source: CCN
Type: US-CERT VU#890940
Oracle HTTP Server vulnerability

Source: CCN
Type: Oracle Web site
Oracle Critical Patch Update Advisory - October 2005

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html

Source: CCN
Type: OSVDB ID: 20583
Oracle Database PL/SQL sys.standard Unspecified SQL Issue

Source: CCN
Type: OSVDB ID: 20584
Oracle Database Change Data Capture sys.dbms_cdc_impdp Unspecified Trivial SQL Issue

Source: CCN
Type: OSVDB ID: 20585
Oracle Database Change Data Capture sys.dbms_cdc_impdp Unspecified Difficult SQL Issue

Source: CCN
Type: OSVDB ID: 20587
Oracle Database Change Data Capture sys.dbms_cdc_dputil Unspecified SQL Issue

Source: CCN
Type: OSVDB ID: 20589
Oracle Database Data Pump Export sys.kupf$file Unspecified Trivial SQL Issue

Source: CCN
Type: OSVDB ID: 20590
Oracle Database Scheduler sys.dbms_scheduler Unspecified Difficult SQL Issue

Source: CCN
Type: OSVDB ID: 20591
Oracle Database Export sys.dbms_export_extension Unspecified Trivial SQL Issue

Source: CCN
Type: OSVDB ID: 20593
Oracle Database Materialized Views sys.dbms_snapshot Unspecified SQL Issue (DB11)

Source: CCN
Type: OSVDB ID: 20596
Oracle Database Intelligent Agent Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 20598
Oracle Database Security Service Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 20599
Oracle Database Spatial mdsys.sdo_idx Unspecified Difficult SQL Issue

Source: CCN
Type: OSVDB ID: 20600
Oracle Database Spatial mdsys.sdo_rtree_admin Unspecified SQL Issue

Source: CCN
Type: OSVDB ID: 20601
Oracle Database Spatial mdsys.sdo_tune Unspecified SQL Issue

Source: CCN
Type: OSVDB ID: 20602
Oracle Database Spatial mdsys.sdo_util Unspecified SQL Issue

Source: CCN
Type: OSVDB ID: 20603
Oracle Database Spatial mdsys.sdo_join Unspecified SQL Issue

Source: CCN
Type: OSVDB ID: 20604
Oracle Database Spatial mdsys.sdo_sam Unspecified SQL Issue

Source: CCN
Type: OSVDB ID: 20605
Oracle Database Spatial mdsys.prvt_sam Unspecified SQL Issue

Source: CCN
Type: OSVDB ID: 20606
Oracle Database Spatial mdsys.prvt_idx Unspecified SQL Issue (DB21)

Source: CCN
Type: OSVDB ID: 20607
Oracle Database Spatial mdsys.md2 Unspecified SQL Issue

Source: CCN
Type: OSVDB ID: 20608
Oracle Database Spatial mdsys.rtree_idx Unspecified SQL Issue

Source: CCN
Type: OSVDB ID: 20609
Oracle Database Spatial mdsys.sdo_idx Unspecified Trivial SQL Issue

Source: CCN
Type: OSVDB ID: 20610
Oracle Database Spatial mdsys.prvt_idx Unspecified SQL Issue (DB25)

Source: CCN
Type: OSVDB ID: 20611
Oracle Database Programmatic Interface alter session Unspecified SQL Issue

Source: CCN
Type: OSVDB ID: 20615
Oracle Database/Application HTTP Server Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 20616
Oracle Database/Application HTTP Server Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 20617
Oracle Database/Application Server Internet Directory Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 20618
Oracle Database/Application Server Single Sign-on (SSO) Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 20619
Oracle Application Server OC4J Module HTTP Unspecified Trivial Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 20620
Oracle Application Server Containers for J2EE Unspecified Trivial Remote DoS

Source: CCN
Type: OSVDB ID: 20621
Oracle Application HTTP Server Unspecified Trivial Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 20622
Oracle Application Server Internet Directory Unspecified Remote HTTP Issue

Source: CCN
Type: OSVDB ID: 20623
Oracle Application Report Server HTTP Unspecified Trivial Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 20624
Oracle Application Server SQL*ReportWriter Unspecified HTTP Issue

Source: CCN
Type: OSVDB ID: 20625
Oracle Application Server Web Cache HTTP Unspecified Trivial Information Disclosure

Source: CCN
Type: OSVDB ID: 20626
Oracle Application Server Web Cache HTTP Unspecified Difficult Issue

Source: CCN
Type: OSVDB ID: 20627
Oracle Application Server Web Cache Administrator HTTP Unspecified Issue

Source: CCN
Type: OSVDB ID: 20628
Oracle Application Server Web Cache Unspecified Trivial Remote DoS

Source: CCN
Type: OSVDB ID: 20629
Oracle Collaboration Suite Calendar Module Unauthenticated Remote Issue

Source: CCN
Type: OSVDB ID: 20630
Oracle Collaboration Suite Calendar Module Unspecified Trivial Local Information Disclosure

Source: CCN
Type: OSVDB ID: 20631
Oracle Collaboration Suite Calendar Module HTTP Authenticated Trivial Information Disclosure

Source: CCN
Type: OSVDB ID: 20632
Oracle Collaboration Suite Calendar Module Unspecified Trivial Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 20633
Oracle Collaboration Suite Email Server Unspecified Local Trivial Information Disclosure

Source: CCN
Type: OSVDB ID: 20634
Oracle Collaboration Suite Email Server IMAP Unauthenticated Trivial DoS

Source: CCN
Type: OSVDB ID: 20635
Oracle Collaboration Suite Email Server IMAP Authenticated Information Disclosure

Source: CCN
Type: OSVDB ID: 20636
Oracle Collaboration Suite Email Server EMAIL Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 20637
Oracle Collaboration Suite Email Server EMAIL Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 20638
Oracle Collaboration Suite Email Server EMAIL Unspecified Remote Trivial DoS

Source: CCN
Type: OSVDB ID: 20639
Oracle Collaboration Suite Files Component Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 20640
Oracle Collaboration Suite Files Component Trivial FTP DoS

Source: CCN
Type: OSVDB ID: 20641
Oracle Collaboration Suite Files Component Trivial NFS DoS

Source: CCN
Type: OSVDB ID: 20642
Oracle E-Business Suite/Applications Unspecified Local Log File Issue

Source: CCN
Type: OSVDB ID: 20643
Oracle E-Business Suite/Applications Application Object Library HTTP Unauthenticated Trivial Disclosure (APPS02)

Source: CCN
Type: OSVDB ID: 20644
Oracle E-Business Suite/Applications Application Object Library HTTP Authenticated Difficult Issue

Source: CCN
Type: OSVDB ID: 20645
Oracle E-Business Suite/Applications Application Object Library HTTP Unauthenticated Trivial Disclosure (APPS04)

Source: CCN
Type: OSVDB ID: 20646
Oracle E-Business Suite/Applications Applications Technology Stack HTTP Trivial Information Disclosure

Source: CCN
Type: OSVDB ID: 20647
Oracle E-Business Suite/Applications Applications Technology Stack HTTP Unspecified Issue

Source: CCN
Type: OSVDB ID: 20648
Oracle E-Business Suite/Applications Applications Utilities HTTP Unspecified Issue

Source: CCN
Type: OSVDB ID: 20649
Oracle E-Business Suite/Applications HRMS (Self Service) Authenticated Unspecified Issue (APPS08)

Source: CCN
Type: OSVDB ID: 20650
Oracle E-Business Suite/Applications HRMS (Self Service) Authenticated Unspecified Issue (APPS09)

Source: CCN
Type: OSVDB ID: 20651
Oracle E-Business Suite/Applications HRMS (Self Service) Authenticated Unspecified Issue (APPS10)

Source: CCN
Type: OSVDB ID: 20652
Oracle E-Business Suite/Applications HRMS (UK) HTTP Unspecified Issue

Source: CCN
Type: OSVDB ID: 20653
Oracle E-Business Suite/Applications Mobile Application Foundation Authenticated Local Issue

Source: CCN
Type: OSVDB ID: 20654
Oracle E-Business Suite/Applications SDP Number Portability Authenticated Local Issue

Source: CCN
Type: OSVDB ID: 20655
Oracle E-Business Suite/Applications Service Authenticated Local Issue

Source: CCN
Type: OSVDB ID: 20656
Oracle E-Business Suite/Applications Service Fulfillment Manager Authenticated HTTP Issue

Source: CCN
Type: OSVDB ID: 20657
Oracle E-Business Suite/Applications Universal Work Queue Authenticated HTTP Issue

Source: CCN
Type: OSVDB ID: 20658
Oracle E-Business Suite/Applications Workflow Cartridge Authenticated HTTP Trivial Information Disclosure (APPS17)

Source: CCN
Type: OSVDB ID: 20659
Oracle E-Business Suite/Applications Workflow Cartridge Authenticated HTTP Trivial Information Disclosure (APPS18)

Source: CCN
Type: OSVDB ID: 20660
Oracle E-Business Suite/Applications Workflow Cartridge Authenticated HTTP Trivial Information Disclosure (APPS19)

Source: CCN
Type: OSVDB ID: 20661
Oracle E-Business Suite/Applications Workflow Cartridge Unauthenticated Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 20662
Oracle E-Business Suite/Applications Workflow Cartridge Authenticated HTTP Trivial Information Disclosure (APPS21)

Source: CCN
Type: OSVDB ID: 20663
Oracle E-Business Suite/Applications Clinical Forms Authenticated Issue

Source: CCN
Type: OSVDB ID: 20664
Oracle Enterprise Manager Agent Overflow

Source: CCN
Type: OSVDB ID: 20665
Oracle PeopleSoft Enterprise PeopleTools Authenticated Difficult Remote Issue

Source: CCN
Type: OSVDB ID: 20666
Oracle PeopleSoft Enterprise PeopleTools Authenticated Trivial Limited Impact Issue

Source: CCN
Type: OSVDB ID: 20667
Oracle PeopleSoft Enterprise PeopleTools Authenticated Trivial Wide Impact Issue

Source: CCN
Type: OSVDB ID: 20668
Oracle PeopleSoft Enterprise PeopleTools Authenticated Trivial Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 20669
Oracle PeopleSoft Enterprise JDEdwards HTML Server Unauthenticated Remote Issue

Source: CCN
Type: OSVDB ID: 20670
Oracle PeopleSoft Enterprise Enterprise CRM Sales Authenticated Remote Issue

Source: BID
Type: UNKNOWN
15134

Source: CERT
Type: US Government Resource
TA05-292A

Source: XF
Type: UNKNOWN
oracle-october2005-update(22937)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.6:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.6:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.3:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2.2:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:collaboration_suite:9.0.4.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.1.5:*:fips:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_manager_grid_control:10.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_manager_application_server_control:9.0.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:9.0.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_manager_grid_control:10.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.0:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.1:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:clinical:4.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:clinical:4.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.4.2:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:9.0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:9.0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:9.0.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_customer_relationship_management:8.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_manager_application_server_control:9.0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_customer_relationship_management:8.81:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_tools:8.46:ga:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    oracle application server 9.0.2.3
    oracle application server 9.0.3.1
    oracle application server 9.0.4.1
    oracle application server 9.0.4.2
    oracle application server 10.1.2.0.0
    oracle database server 9.2.0.5
    oracle database server 9.2.0.6
    oracle database server 8.1.7.4
    oracle database server 9.2.0.6 r2
    oracle database server 8.0.6.3
    oracle database server 10.1.0.3 r1
    oracle application server 9.0.4.1
    oracle application server 1.0.2.2 r1
    oracle collaboration suite 9.0.4.2 r2
    oracle database server 9.0.1.5
    oracle database server 10.1.0.4 r1
    oracle e-business suite 11.0
    oracle enterprise manager grid control 10.1.0.3
    oracle enterprise manager application server control 9.0.4.1
    oracle developer suite 9.0.4.1
    oracle application server 9.0.4.2
    oracle enterprise manager grid control 10.1.0.4
    oracle application server 10.1.2.0.0 r2
    oracle application server 10.1.2.0.1 r2
    oracle application server 10.1.2.0.2 r2
    oracle clinical 4.5.0
    oracle clinical 4.5.1
    oracle database server 9.2.0.7 r2
    oracle e-business suite 11.5.10
    oracle database server 10.1.0.4.2 r1
    oracle developer suite 9.0.2.1
    oracle developer suite 9.0.4.2
    oracle developer suite 9.0.4.3
    oracle peoplesoft enterprise customer relationship management 8.9
    oracle e-business suite 11.5.1
    oracle e-business suite 11.5.2
    oracle e-business suite 11.5.3
    oracle e-business suite 11.5.4
    oracle e-business suite 11.5.5
    oracle e-business suite 11.5.6
    oracle e-business suite 11.5.7
    oracle e-business suite 11.5.8
    oracle e-business suite 11.5.9
    oracle enterprise manager application server control 9.0.4.2
    oracle peoplesoft enterprise customer relationship management 8.81
    oracle peoplesoft enterprise tools 8.46 ga