Vulnerability Name:

CVE-2006-3711 (CCN-27897)

Assigned: 2006-07-18
Published: 2006-07-18
Updated: 2018-10-18
Summary: Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 9.0.4.1 has unknown impact and attack vectors, aka Oracle Vuln# AS06.
CVSS v3 Severity: 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Informational
References:
Source: MITRE
Type: CNA
CVE-2006-3698

Source: MITRE
Type: CNA
CVE-2006-3699

Source: MITRE
Type: CNA
CVE-2006-3700

Source: MITRE
Type: CNA
CVE-2006-3701

Source: MITRE
Type: CNA
CVE-2006-3702

Source: MITRE
Type: CNA
CVE-2006-3703

Source: MITRE
Type: CNA
CVE-2006-3704

Source: MITRE
Type: CNA
CVE-2006-3705

Source: MITRE
Type: CNA
CVE-2006-3706

Source: MITRE
Type: CNA
CVE-2006-3707

Source: MITRE
Type: CNA
CVE-2006-3708

Source: MITRE
Type: CNA
CVE-2006-3709

Source: MITRE
Type: CNA
CVE-2006-3710

Source: MITRE
Type: CNA
CVE-2006-3711

Source: MITRE
Type: CNA
CVE-2006-3712

Source: MITRE
Type: CNA
CVE-2006-3713

Source: MITRE
Type: CNA
CVE-2006-3714

Source: MITRE
Type: CNA
CVE-2006-3715

Source: MITRE
Type: CNA
CVE-2006-3716

Source: MITRE
Type: CNA
CVE-2006-3717

Source: MITRE
Type: CNA
CVE-2006-3718

Source: MITRE
Type: CNA
CVE-2006-3719

Source: MITRE
Type: CNA
CVE-2006-3720

Source: MITRE
Type: CNA
CVE-2006-3721

Source: MITRE
Type: CNA
CVE-2006-3722

Source: MITRE
Type: CNA
CVE-2006-3723

Source: MITRE
Type: CNA
CVE-2006-3724

Source: CCN
Type: SA21111
Oracle Products Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
21111

Source: CCN
Type: SA21165
HP Oracle for OpenView Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
21165

Source: CCN
Type: SECTRACK ID: 1016529
Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact

Source: SECTRACK
Type: UNKNOWN
1016529

Source: CCN
Type: US-CERT VU#932124
Oracle DBMS_EXPORT_EXTENSION package vulnerable to SQL injection

Source: CCN
Type: Oracle Web site
Oracle Critical Patch Update Advisory - July 2006

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html

Source: CCN
Type: OSVDB ID: 28849
Oracle PeopleSoft Enterprise Portal Authenticated Unspecified Issue (PSE01)

Source: CCN
Type: OSVDB ID: 28850
Oracle PeopleSoft Enterprise Portal Authenticated Unspecified Issue (PSE02)

Source: CCN
Type: OSVDB ID: 28851
Oracle PeopleSoft JD Edwards HTML Server Unspecified Issue

Source: CCN
Type: OSVDB ID: 28852
Oracle Enterprise Manager CORE: Repository HTTP Unspecified Issue

Source: CCN
Type: OSVDB ID: 28853
Oracle Enterprise Manager Enterprise Config Management HTTP Unspecified Issue

Source: CCN
Type: OSVDB ID: 28854
Oracle Enterprise Manager Management Service HTTP Information Disclosure

Source: CCN
Type: OSVDB ID: 28855
Oracle Enterprise Manager Management Service HTTP Unspecified Issue

Source: CCN
Type: OSVDB ID: 28856
Oracle Collaboration Suite Calendar Authenticated HTTP Information Disclosure

Source: CCN
Type: OSVDB ID: 28857
Oracle E-Business Suite Application Object Library Authenticated HTTP Information Disclosure

Source: CCN
Type: OSVDB ID: 28858
Oracle E-Business Suite Application Object Library Authenticated HTTP Unspecified Issue

Source: CCN
Type: OSVDB ID: 28859
Oracle E-Business Suite Application Object Library HTTP Information Disclosure

Source: CCN
Type: OSVDB ID: 28861
Oracle E-Business Suite Application Object Library Authenticated HTTP Information Disclosure

Source: CCN
Type: OSVDB ID: 28862
Oracle E-Business Suite Application Object Library Authenticated HTTP Unspecified Complex Issue

Source: CCN
Type: OSVDB ID: 28863
Oracle E-Business Suite Application Object Library Authenticated HTTP Unspecified Trivial Issue

Source: CCN
Type: OSVDB ID: 28864
Oracle E-Business Suite Application Object Library Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 28865
Oracle E-Business Suite Application Object Library HTTP Information Disclosure

Source: CCN
Type: OSVDB ID: 28866
Oracle E-Business Suite Applications Technology Stack HTTP Unspecified Complex Issue

Source: CCN
Type: OSVDB ID: 28867
Oracle E-Business Suite Applications Technology Stack HTTP Unspecified Trivial Issue

Source: CCN
Type: OSVDB ID: 28868
Oracle E-Business Suite Applications Technology Stack HTTP Trivial Information Disclosure

Source: CCN
Type: OSVDB ID: 28869
Oracle E-Business Suite Internet Expenses Authenticated HTTP Unspecified Issue

Source: CCN
Type: OSVDB ID: 28870
Oracle E-Business Suite Call Center Technology Information Disclosure

Source: CCN
Type: OSVDB ID: 28871
Oracle E-Business Suite Common Applications Information Disclosure

Source: CCN
Type: OSVDB ID: 28872
Oracle E-Business Suite Exchange Unauthenticated Information Disclosure

Source: CCN
Type: OSVDB ID: 28873
Oracle E-Business Suite Exchange Authenticated Information Disclosure

Source: CCN
Type: OSVDB ID: 28874
Oracle E-Business Suite Self-Service Web Applications icx_ticket Authentication Bypass

Source: CCN
Type: OSVDB ID: 28875
Oracle E-Business Suite Workflow Cartridge Information Disclosure

Source: CCN
Type: OSVDB ID: 28876
Oracle E-Business Suite XML Gateway Unspecified Issue

Source: CCN
Type: OSVDB ID: 28877
Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS01)

Source: CCN
Type: OSVDB ID: 28878
Oracle Application Server OC4J HTTP Unspecified Authenticated Issue

Source: CCN
Type: OSVDB ID: 28879
Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS03)

Source: CCN
Type: OSVDB ID: 28880
Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS04)

Source: CCN
Type: OSVDB ID: 28881
Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS05)

Source: CCN
Type: OSVDB ID: 28882
Oracle Application Server OC4J HTTP Unspecified Complex Limited Impact Issue

Source: CCN
Type: OSVDB ID: 28883
Oracle Application Server OC4J HTTP Trivial DoS

Source: CCN
Type: OSVDB ID: 28884
Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure

Source: CCN
Type: OSVDB ID: 28885
Oracle Application Server OC4J HTTP Unspecified Complex Limited Impact Issue

Source: CCN
Type: OSVDB ID: 28886
Oracle Application Server OC4J HTTP Trivial Information Disclosure

Source: CCN
Type: OSVDB ID: 28893
Oracle Core RDBMS Nested Tables Unspecified DoS

Source: CCN
Type: OSVDB ID: 28895
Oracle WebDAV Unspecified HTTP DoS

Source: CCN
Type: OSVDB ID: 28896
Oracle Oracle Dictionary sys.dbms_ddl Unspecified Issue

Source: CCN
Type: OSVDB ID: 28898
Oracle InterMedia ordsys.ordimgidxmethods Unspecified Issue

Source: CCN
Type: OSVDB ID: 28906
Oracle ODBC Driver Call Procedure ref Cursor DoS

Source: CCN
Type: OSVDB ID: 28914
Oracle XMLDB HTTP Unspecified DoS

Source: MISC
Type: Patch, Vendor Advisory
http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html

Source: CCN
Type: Red-Database-Security Web site
Details Oracle Critical Patch Update July 2006 - V1.02

Source: HP
Type: UNKNOWN
HPSBMA02133

Source: BID
Type: UNKNOWN
19054

Source: CCN
Type: BID-19054
Oracle July 2006 Security Update Multiple Vulnerabilities

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-200A
Oracle Products Contain Multiple Vulnerabilities

Source: CERT
Type: US Government Resource
TA06-200A

Source: VUPEN
Type: UNKNOWN
ADV-2006-2863

Source: VUPEN
Type: UNKNOWN
ADV-2006-2947

Source: CCN
Type: ISS X-Force Database
Oracle Database SYS.DBMS_CDC_IMPDP SQL injection

Source: XF
Type: UNKNOWN
oracle-cpu-july2006(27897)

Source: XF
Type: UNKNOWN
oracle-cpu-july-2006(27897)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.6:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:collaboration_suite:9.0.4.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.0:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.1:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.1:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:collaboration_suite:10.1.2:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_portal:8.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_portal:8.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_portal:8.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_manager_grid_control:10.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterpriseone:8.95:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterpriseone:8.96:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:pharmaceutical:4.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:pharmaceutical:4.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:pharmaceutical:4.5.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    oracle application server 9.0.2.3
    oracle application server 9.0.3.1
    oracle application server 9.0.4.1
    oracle database server 8.1.7.4
    oracle database server 9.2.0.6 r2
    oracle collaboration suite 9.0.4.2 r2
    oracle database server 10.1.0.4 r1
    oracle e-business suite 11.0
    oracle application server 9.0.4.2
    oracle application server 10.1.2.0.0 r2
    oracle application server 10.1.2.0.1 r2
    oracle application server 10.1.2.0.2 r2
    oracle database server 10.2.0.1 r2
    oracle database server 10.1.0.5 r1
    oracle database server 9.2.0.7 r2
    oracle collaboration suite 10.1.2 r1
    oracle e-business suite 11.5.10
    oracle peoplesoft enterprise portal 8.4
    oracle peoplesoft enterprise portal 8.8
    oracle peoplesoft enterprise portal 8.9
    oracle database server 10.2.0.2 r2
    oracle enterprise manager grid control 10.2.0.1
    oracle application server 9.0.4.3
    oracle enterpriseone 8.95
    oracle enterpriseone 8.96
    oracle e-business suite 11.5.7
    oracle e-business suite 11.5.8
    oracle e-business suite 11.5.9
    oracle pharmaceutical 4.5.0
    oracle pharmaceutical 4.5.1
    oracle pharmaceutical 4.5.2