Vulnerability Name:

CVE-2006-5366 (CCN-29782)

Assigned: 2006-10-17
Published: 2006-10-17
Updated: 2018-10-17
Summary: Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and remote attack vectors related to (1) Oracle Containers for J2EE, aka Vuln# OC4J01, and (2) Oracle Process Mgmt & Notification, aka OPMN01.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Informational
References:

Source: CCN
Type: Full-Disclosure Mailing List, Wed Oct 18 2006 - 01:55:35 CDT
Analysis of the Oracle October 2006 Critical Patch Update

Source: MITRE
Type: CNA
CVE-2006-5332

Source: MITRE
Type: CNA
CVE-2006-5333

Source: MITRE
Type: CNA
CVE-2006-5334

Source: MITRE
Type: CNA
CVE-2006-5335

Source: MITRE
Type: CNA
CVE-2006-5336

Source: MITRE
Type: CNA
CVE-2006-5337

Source: MITRE
Type: CNA
CVE-2006-5338

Source: MITRE
Type: CNA
CVE-2006-5339

Source: MITRE
Type: CNA
CVE-2006-5340

Source: MITRE
Type: CNA
CVE-2006-5341

Source: MITRE
Type: CNA
CVE-2006-5342

Source: MITRE
Type: CNA
CVE-2006-5343

Source: MITRE
Type: CNA
CVE-2006-5344

Source: MITRE
Type: CNA
CVE-2006-5345

Source: MITRE
Type: CNA
CVE-2006-5346

Source: MITRE
Type: CNA
CVE-2006-5347

Source: MITRE
Type: CNA
CVE-2006-5348

Source: MITRE
Type: CNA
CVE-2006-5349

Source: MITRE
Type: CNA
CVE-2006-5350

Source: MITRE
Type: CNA
CVE-2006-5351

Source: MITRE
Type: CNA
CVE-2006-5352

Source: MITRE
Type: CNA
CVE-2006-5353

Source: MITRE
Type: CNA
CVE-2006-5354

Source: MITRE
Type: CNA
CVE-2006-5355

Source: MITRE
Type: CNA
CVE-2006-5356

Source: MITRE
Type: CNA
CVE-2006-5357

Source: MITRE
Type: CNA
CVE-2006-5358

Source: MITRE
Type: CNA
CVE-2006-5359

Source: MITRE
Type: CNA
CVE-2006-5360

Source: MITRE
Type: CNA
CVE-2006-5361

Source: MITRE
Type: CNA
CVE-2006-5362

Source: MITRE
Type: CNA
CVE-2006-5363

Source: MITRE
Type: CNA
CVE-2006-5364

Source: MITRE
Type: CNA
CVE-2006-5365

Source: MITRE
Type: CNA
CVE-2006-5366

Source: MITRE
Type: CNA
CVE-2006-5367

Source: MITRE
Type: CNA
CVE-2006-5368

Source: MITRE
Type: CNA
CVE-2006-5369

Source: MITRE
Type: CNA
CVE-2006-5370

Source: MITRE
Type: CNA
CVE-2006-5371

Source: MITRE
Type: CNA
CVE-2006-5372

Source: MITRE
Type: CNA
CVE-2006-5373

Source: MITRE
Type: CNA
CVE-2006-5374

Source: MITRE
Type: CNA
CVE-2006-5375

Source: MITRE
Type: CNA
CVE-2006-5376

Source: MITRE
Type: CNA
CVE-2006-5377

Source: MITRE
Type: CNA
CVE-2006-5378

Source: CCN
Type: SA22396
Oracle Products Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
22396

Source: CCN
Type: SECTRACK ID: 1017077
Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact

Source: SECTRACK
Type: UNKNOWN
1017077

Source: CCN
Type: US-CERT VU#318764
Oracle DISABLE_HIERARCHY_INTERNAL procedure vulnerable to PL/SQL injection

Source: CCN
Type: US-CERT VU#446100
Oracle CREATE_CHANGE_TABLE procedure vulnerable to PL/SQL injection

Source: CCN
Type: US-CERT VU#716964
Oracle PREPARE_UNBOUNDED_VIEW procedure vulnerable to PL/SQL injection

Source: CCN
Type: US-CERT VU#717140
Oracle ENABLE_HIERARCHY_INTERNAL procedure vulnerable to PL/SQL injection

Source: CCN
Type: US-CERT VU#736324
Oracle SYS.DBMS_CDC_IMPDP package vulnerable to PL/SQL injection

Source: CCN
Type: US-CERT VU#869292
Oracle MDSYS.SDO_LRS package vulnerable to PL/SQL injection

Source: CCN
Type: Oracle Critical Patch Update - October 2006
Oracle Critical Patch Update Advisory - October 2006

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html

Source: CCN
Type: OSVDB ID: 31383
Oracle Pharmaceutical Applications Clinical Remote Data Capture Option Unspecified HTTP Issue

Source: CCN
Type: OSVDB ID: 31384
Oracle PeopleSoft PeopleTools Unspecified Authenticated HTTP Complete Compromise

Source: CCN
Type: OSVDB ID: 31385
Oracle PeopleSoft PeopleTools HTTP Remote Unauthenticated Unspecified Issue

Source: CCN
Type: OSVDB ID: 31386
Oracle PeopleSoft PeopleTools Unspecified Authenticated HTTP Remote Issue (PSE03)

Source: CCN
Type: OSVDB ID: 31387
Oracle PeopleSoft PeopleTools Unspecified Authenticated HTTP Remote Issue (PSE04)

Source: CCN
Type: OSVDB ID: 31388
Oracle PeopleSoft Enterprise Portal Unspecified Authenticated HTTP Remote Issue

Source: CCN
Type: OSVDB ID: 31389
Oracle PeopleSoft PeopleTools Authenticated HTTP Simple Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 31390
Oracle PeopleSoft PeopleTools Authenticated HTTP Complex Remote Information Disclosure (PSE07)

Source: CCN
Type: OSVDB ID: 31391
Oracle PeopleSoft PeopleTools Authenticated HTTP Complex Remote Information Disclosure (PSE08)

Source: CCN
Type: OSVDB ID: 31392
Oracle JD Edwards EnterpriseOne HTML Server Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 31393
Oracle Multiple Products HTTP Server htdigest Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 31394
Oracle Multiple Products HTTP Server SSL Unspecified Integrity Issue

Source: CCN
Type: OSVDB ID: 31395
Oracle Multiple Products HTTP Server SSL Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 31396
Oracle Multiple Products HTTP Server Unspecified Remote Unauthenticated Issue

Source: CCN
Type: OSVDB ID: 31397
Oracle HTTP Server SSL Unspecified Remote DoS

Source: CCN
Type: OSVDB ID: 31398
Oracle Multiple Products HTTP Server SSL Unspecified Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 31399
Oracle Multiple Products HTTP Server Mod_rewrite Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 31400
Oracle Multiple Products Single Sign-On (SSO) HTTP Unspecified Unauthenticated Remote Issue

Source: CCN
Type: OSVDB ID: 31401
Oracle Multiple Products Single Sign-On (SSO) HTTP Unauthenticated Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 31402
Oracle Collaboration Suite Containers for J2EE HTTP Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 31403
Oracle Multiple Products Containers for J2EE HTTP Remote DoS

Source: CCN
Type: OSVDB ID: 31404
Oracle Multiple Products Containers for J2EE Remote Method Invocation Remote DoS

Source: CCN
Type: OSVDB ID: 31405
Oracle Multiple Products Containers for J2EE Custom Login Module HTTP Information Disclosure

Source: CCN
Type: OSVDB ID: 31406
Oracle Collaboration Suite Process Mgmt & Notification ONS Remote DoS

Source: CCN
Type: OSVDB ID: 31407
Oracle Application Server HTTP Server PHP Module Remote DoS

Source: CCN
Type: OSVDB ID: 31408
Oracle Application Server Forms HTTP Unauthenticated Information Disclosure

Source: CCN
Type: OSVDB ID: 31409
Oracle Multiple Products Forms HTTP Unspecified Remote DoS

Source: CCN
Type: OSVDB ID: 31410
Oracle Application Server Forms HTTP Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 31413
Oracle Application Server Containers for J2EE Web Services Security Information Disclosure

Source: CCN
Type: OSVDB ID: 31414
Oracle E-Business Suite Exchange HTTP Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 31415
Oracle E-Business Suite Application Object Library HTTP Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 31416
Oracle E-Business Suite Applications Framework HTTP Unspecified Issue

Source: CCN
Type: OSVDB ID: 31417
Oracle E-Business Suite Applications Technology Stack HTTP Unspecified Remote DoS

Source: CCN
Type: OSVDB ID: 31418
Oracle E-Business Suite Balanced Scorecard Manager Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 31419
Oracle E-Business Suite Scripting Agent Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 31420
Oracle E-Business Suite Trading Community TCA Administrator Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 31421
Oracle E-Business Suite CRM Gateway for Mobile Devices Mobile Field Service Administrator Information Disclosure

Source: CCN
Type: OSVDB ID: 31422
Oracle E-Business Suite Email Center Administrator Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 31423
Oracle E-Business Suite iStore HTTP Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 31424
Oracle E-Business Suite Universal Work Queue iMeeting System Configure Responsibility Information Disclosure

Source: CCN
Type: OSVDB ID: 31425
Oracle E-Business Suite Application Object Library Unspecified Issue

Source: CCN
Type: OSVDB ID: 31426
Oracle E-Business Suite Install Base Administrator Unspecified Issue

Source: CCN
Type: OSVDB ID: 31428
Oracle Database Spatial SDO_DROP_USER_BEFORE Package SQL Injection

Source: CCN
Type: OSVDB ID: 31429
Oracle Database Spatial mdsys.md2 Unspecified Issue

Source: CCN
Type: OSVDB ID: 31452
Oracle Database Spatial mdsys.sdo_geom Unspecified Issue

Source: CCN
Type: OSVDB ID: 31459
Oracle Database Spatial mdsys.sdo_tune Unspecified Issue

Source: CCN
Type: OSVDB ID: 31460
Oracle Database Scheduler sys.dbms_scheduler Unspecified Issue

Source: CCN
Type: OSVDB ID: 31463
Oracle Database Spatial mdsys.sdo_geom Unspecified DoS

Source: CCN
Type: OSVDB ID: 31472
Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX04)

Source: CCN
Type: OSVDB ID: 31488
Oracle Application Express Unauthenticated Unspecified Issue (APEX20)

Source: CCN
Type: OSVDB ID: 31489
Oracle Application Express Unauthenticated Unspecified Issue (APEX21)

Source: MISC
Type: UNKNOWN
http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html

Source: HP
Type: UNKNOWN
HPSBMA02133

Source: BID
Type: Patch
20588

Source: CCN
Type: BID-20588
Oracle October 2006 Security Update Multiple Vulnerabilities

Source: CERT
Type: US Government Resource
TA06-291A

Source: VUPEN
Type: UNKNOWN
ADV-2006-4065

Source: XF
Type: UNKNOWN
oracle-cpu-oct2006(29782)

Source: CCN
Type: IBM Internet Security Systems X-Force Database
Oracle Database PREPARE_UNBOUNDED_VIEW SQL injection

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.6:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.3:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:collaboration_suite:9.0.4.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.1.5::fips:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:9.0.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.0:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.1:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.1:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:collaboration_suite:10.1.2:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_portal:8.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_portal:8.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:6i:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:9.0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterpriseone:8.95:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterpriseone:8.96:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.22:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.47:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.48:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:9.0.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:10.1.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:10.1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:apex:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:pharmaceutical:4.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:pharmaceutical:4.5.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    oracle application server 9.0.4.2
    oracle application server 1.0.2.2
    oracle database server 8.1.7.4
    oracle database server 9.2.0.6 r2
    oracle database server 10.1.0.3 r1
    oracle application server 9.0.4.1
    oracle collaboration suite 9.0.4.2 r2
    oracle database server 9.0.1.5
    oracle database server 10.1.0.4 r1
    oracle e-business suite 11.0
    oracle developer suite 9.0.4.1
    oracle application server 9.0.4.2
    oracle application server 10.1.2.0.0 r2
    oracle application server 10.1.2.0.1 r2
    oracle application server 10.1.2.0.2 r2
    oracle database server 10.2.0.1 r2
    oracle database server 10.1.0.5 r1
    oracle database server 9.2.0.7 r2
    oracle collaboration suite 10.1.2 r1
    oracle e-business suite 11.5.10
    oracle peoplesoft enterprise portal 8.8
    oracle peoplesoft enterprise portal 8.9
    oracle developer suite 6i
    oracle developer suite 9.0.4.2
    oracle database server 10.2.0.2 r2
    oracle application server 9.0.4.3
    oracle enterpriseone 8.95
    oracle enterpriseone 8.96
    oracle peoplesoft enterprise peopletools 8.22
    oracle peoplesoft enterprise peopletools 8.47
    oracle peoplesoft enterprise peopletools 8.48
    oracle developer suite 9.0.4.3
    oracle developer suite 10.1.2.0.2
    oracle developer suite 10.1.2.2
    oracle apex 2.0
    oracle e-business suite 11.5.7
    oracle e-business suite 11.5.8
    oracle e-business suite 11.5.9
    oracle pharmaceutical 4.5.0
    oracle pharmaceutical 4.5.1