Vulnerability Name: CVE-2006-0276 (CCN-24321) Assigned: 2006-01-17 Published: 2006-01-17 Updated: 2017-07-20 Summary: Multiple unspecified vulnerabilities in Oracle Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, 2) OCS02, 3) OCS03, 4) OCS04, 5) OCS05, 6) OCS06, 7) OCS07, (8) OCS08, and (9) OCS09 in the (a) Email Server component; 10) OCS10 (and (11) OCS11 in the (b) Oracle Collaboration Suite Wireless & Voice (component; 12) OCS12 and (13) OCS13 in the (c) Oracle Content (Management SDK component; 14) OCS14 and (15) OCS15 in the (d) Oracle (Content Services component. CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Informational References: Source: MITRECVE-2005-2371 CVE-2006-0257 CVE-2006-0258 CVE-2006-0259 CVE-2006-0260 CVE-2006-0261 CVE-2006-0262 CVE-2006-0263 CVE-2006-0265 CVE-2006-0266 CVE-2006-0267 CVE-2006-0268 CVE-2006-0269 CVE-2006-0270 CVE-2006-0271 CVE-2006-0272 CVE-2006-0273 CVE-2006-0274 CVE-2006-0275 CVE-2006-0276 CVE-2006-0277 CVE-2006-0278 CVE-2006-0279 CVE-2006-0280 CVE-2006-0281 CVE-2006-0282 CVE-2006-0283 CVE-2006-0284 CVE-2006-0285 CVE-2006-0286 CVE-2006-0287 CVE-2006-0288 CVE-2006-0289 CVE-2006-0290 CVE-2006-0291 CVE-2006-0548 CVE-2006-0549 CVE-2006-0550 CVE-2006-0551 CVE-2006-0552 Oracle Products Multiple Vulnerabilities and Security Issues 18493 HP Oracle for Openview Multiple Vulnerabilities 18608 Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact 1015499 Oracle Text SQL injection vulnerability Oracle Reports arbitrary file writing vulnerability Oracle products contain multiple vulnerabilities VU#545804 Oracle Database SYS.DBMS_METADATA_UTIL package SQL injection vulnerability Oracle Transparent Data Encryption master encryption key stored as plaintext Oracle Database Net Listener vulnerability Oracle Database XML Database SQL Injection vulnerability Oracle Reports arbitrary file reading vulnerability Oracle Database Data Pump Metadata API SQL injection vulnerability Oracle Client Tools buffer overflow vulnerability Oracle Critical Patch Update Advisory - January 2006 http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html Oracle Database Connection Manager Trivial Remote DoS Oracle Database Data Pump Metadata API DBMS_METADATA_UTIL Multiple Procedure SQL Injection Oracle Database Data Pump Metadata API DBMS_DATAPUMP Multiple Procedure SQL Injection Oracle Database Net Foundation Layer Unspecified Remote Issue Oracle Database Net Listener Multiple Unspecified Remote Issues (DB09) Oracle Database Net Listener Multiple Unspecified Remote Issues (DB11) Oracle Database Network Communications (RPC) Unspecified Remote Issue (DB12) Oracle Database Network Communications (RPC) Unspecified Remote Issue (DB13) Oracle Database Text cxtsys.catsearch Unspecified SQL Issue Oracle Database Text CTXSYS.DRILOAD Multiple Procedure SQL Injection Oracle Database TNS Authentication Phase AUTH_ALTER_SESSION Attribute SQL Injection Oracle Database Query Optimizer sys.outln_pkg Unspecified SQL Issue Oracle Database Query Optimizer Unspecified Trivial Remote DoS Oracle Database Security sys.dbms_fga.add_policy Unspecified SQL Issue Oracle Database Streams Capture DBMS_CDC_PUBLISH SET_DIRECTORY_ROOT Procedure SQL Injection Oracle Database Upgrade & Downgrade DBMS_REGISTRY Multiple Procedure SQL Injection Oracle Protocol Support Unspecified Limited Impact Remote Issue Oracle Reorganize Objects & Convert Tablespace Unspecified Local Issue Oracle Java Net Network (OID) Unspecified Trivial Remote Information Disclosure Oracle Database HTTP Server Unspecified Trivial Remote Information Disclosure Oracle Database HTTP Server Unspecified Trivial Remote DoS Oracle Workflow Cartridge HTTP Unspecified Trivial Remote Information Disclosure (WF01) Oracle Workflow Cartridge HTTP Unspecified Trivial Remote Information Disclosure (WF02) Oracle Workflow Cartridge HTTP Unspecified Trivial Remote Information Disclosure (WF03) Oracle Application Server Portal HTTP Unspecified Trivial Remote Information Disclosure Oracle Forms HTTP Unspecified Remote Issue Oracle Forms File Upload Unspecified Issue Oracle Reports Developer HTTP Unspecified Remote Issue Oracle Application Server Reports Developer HTTP Unspecified Remote DoS Oracle Application Server Reports Developer File Upload Unspecified Issue Oracle Application Server Reports Developer rwservlet customize Variable Arbitrary XML File Portion Disclosure Oracle Collaboration Suite Email Server Trivial Remote Information Disclosure (OCS01) Oracle Collaboration Suite Email Server Trivial Remote Information Disclosure (OCS02) Oracle Collaboration Suite Email Server IMAP Authenticated Remote Trivial DoS Oracle Collaboration Suite Email Server IMAP/POP Unauthenticated Remote Trivial DoS Oracle Collaboration Suite Email Server SMTP Unspecified Issue (OCS05) Oracle Collaboration Suite Email Server SMTP Unspecified Issue (OCS06) Oracle Collaboration Suite Email Server SMTP Unspecified Issue (OCS07) Oracle Collaboration Suite Email Server Unspecified Local Trivial Information Disclosure Oracle Collaboration Suite Email Server HTTP Unspecified Remote Information Disclosure Oracle Collaboration Suite Wireless & Voice Local Information Disclosure Oracle Collaboration Suite Wireless & Voice Authenticated SMS Remote Information Disclosure Oracle Collaboration Suite Management SDK FTP Unspecified Issue Oracle Collaboration Suite Management SDK HTTP Unspecified Authenticated Issue Oracle Collaboration Suite Content Services Email Unspecified Information Disclosure Oracle Collaboration Suite Content Services HTTP Unspecified Issue Oracle E-Business Suite/Applications Application Install Log File Local Information Disclosure Oracle E-Business Suite/Applications CRM Technical Foundation HTTP Information Disclosure Oracle E-Business Suite/Applications iProcurement HTTP Information Disclosure Oracle E-Business Suite/Applications Application Object Library Log File Information Disclosure Oracle E-Business Suite/Applications Application Object Library HTTP Information Disclosure (APPS05) Oracle E-Business Suite/Applications Application Object Library HTTP Information Disclosure (APPS06) Oracle E-Business Suite/Applications Applications Framework HTTP Unspecified Authenticated Issue Oracle E-Business Suite/Applications Applications Technology Stack HTTP Trivial Information Disclosure (APPS08) Oracle E-Business Suite/Applications Applications Technology Stack HTTP Trivial Information Disclosure (APPS10) Oracle E-Business Suite/Applications Applications Technology Stack HTTP Trivial Information Disclosure (APPS11) Oracle E-Business Suite/Applications Human Resources HTTP Authenticated Information Disclosure Oracle E-Business Suite/Applications iLearning HTTP Information Disclosure (APPS13) Oracle E-Business Suite/Applications iLearning HTTP Information Disclosure (APPS14) Oracle E-Business Suite/Applications Marketing HTTP Authenticated Issue (APPS15) Oracle E-Business Suite/Applications Marketing HTTP Authenticated Issue (APPS16) Oracle E-Business Suite/Applications Marketing Encyclopedia System HTTP Information Disclosure Oracle E-Business Suite/Applications Trade Management HTTP Information Disclosure Oracle E-Business Suite/Applications Web Applications Desktop Integration HTTP Information Disclosure Oracle PeopleSoft Enterprise Portal Unspecified Local Issue Oracle JD Edwards HTML Server HTTP Unspecified Issue Oracle E-Business Suite/Applications Applications Technology Stack HTTP Trivial Information Disclosure (APPS09) Oracle Database Data Pump Metadata API DBMS_METADATA_INT Multiple Procedure SQL Injection Oracle Database Text CTXSYS.DRIDML CLEAN_DML Procedure SQL Injection Oracle Database Text CTXSYS.CTX_DOC GET_ROWID Procedure SQL Injection Oracle Database Text CTXSYS.CTX_QUERY BROWSE_WORDS Procedure SQL Injection Oracle Database Text CATINDEXMETHODS Multiple Procedure SQL Injection Oracle Database Data Pump Metadata API DBMS_METADATA Unspecified Procedure SQL Injection Oracle Client Utility Unspecified Remote Overflow 16287 Oracle January Security Update Multiple Vulnerabilities ADV-2006-0243 ADV-2006-0323 Oracle Reports Server customize parameter information disclosure oracle-january2006-update(24321) oracle-january2006-update(24321) Vulnerable Configuration: Configuration 1 :cpe:/a:oracle:collaboration_suite:9.0.4.2:r2:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2.0.6:r2:*:*:*:*:*:* OR cpe:/a:oracle:database_server:8.0.6.3:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.1.0.3:r1:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:* OR cpe:/a:oracle:collaboration_suite:9.0.4.2:r2:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.0.1.5:*:fips:*:*:*:*:* OR cpe:/a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_grid_control:10.1.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:developer_suite:9.0.4.1:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_grid_control:10.1.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:10.1.2.0.0:r2:*:*:*:*:*:* OR cpe:/a:oracle:application_server:10.1.2.0.1:r2:*:*:*:*:*:* OR cpe:/a:oracle:application_server:10.1.2.0.2:r2:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.2.0.1:r2:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:* OR cpe:/a:oracle:collaboration_suite:10.1.1:r1:*:*:*:*:*:* OR cpe:/a:oracle:collaboration_suite:10.1.2:r1:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.10:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_portal:8.4:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_portal:8.8:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_portal:8.9:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.1.0.4.2:r1:*:*:*:*:*:* OR cpe:/a:oracle:developer_suite:9.0.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:developer_suite:6i:*:*:*:*:*:*:* OR cpe:/a:oracle:developer_suite:9.0.4.2:*:*:*:*:*:*:* OR cpe:/a:oracle:developer_suite:10.1.2.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:* OR cpe:/a:oracle:workflow:11.5.1:*:*:*:*:*:*:* OR cpe:/a:oracle:workflow:11.5.9.5:*:*:*:*:*:*:* BACK
oracle collaboration suite 9.0.4.2 r2
oracle application server 1.0.2.2
oracle database server 9.2.0.6 r2
oracle database server 8.0.6.3
oracle database server 10.1.0.3 r1
oracle application server 9.0.4.1
oracle collaboration suite 9.0.4.2 r2
oracle database server 9.0.1.5
oracle database server 10.1.0.4 r1
oracle enterprise manager grid control 10.1.0.3
oracle developer suite 9.0.4.1
oracle application server 9.0.4.2
oracle enterprise manager grid control 10.1.0.4
oracle application server 10.1.2.0.0 r2
oracle application server 10.1.2.0.1 r2
oracle application server 10.1.2.0.2 r2
oracle database server 10.2.0.1 r2
oracle database server 10.1.0.5 r1
oracle database server 9.2.0.7 r2
oracle collaboration suite 10.1.1 r1
oracle collaboration suite 10.1.2 r1
oracle e-business suite 11.5.10
oracle peoplesoft enterprise portal 8.4
oracle peoplesoft enterprise portal 8.8
oracle peoplesoft enterprise portal 8.9
oracle database server 10.1.0.4.2 r1
oracle developer suite 9.0.2.1
oracle developer suite 6i
oracle developer suite 9.0.4.2
oracle developer suite 10.1.2.0.2
oracle e-business suite 11.5.1
oracle e-business suite 11.5.2
oracle e-business suite 11.5.3
oracle e-business suite 11.5.4
oracle e-business suite 11.5.5
oracle e-business suite 11.5.6
oracle e-business suite 11.5.7
oracle e-business suite 11.5.8
oracle e-business suite 11.5.9
oracle workflow 11.5.1
oracle workflow 11.5.9.5
Denotes that component is vulnerable