Vulnerability Name: CVE-2006-7141
Assigned: 2007-03-07
Published: 2007-03-07
Updated: 2018-10-16
Summary: ** DISPUTED ** Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. Note: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability.
CVSS v3 Severity: 4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
References:
  Source: MITRE, Type: CNA: CVE-2006-7141
  Source: MISC, Type: Exploit: http://www.0xdeadbeef.info/exploits/raptor_orafile.sql
  Source: BUGTRAQ, Type: UNKNOWN: 20061219 Oracle <= 9i / 10g File System Access via utl_file Exploit
  Source: BUGTRAQ, Type: UNKNOWN: 20061220 Re: Oracle <= 9i / 10g File System Access via utl_file Exploit
  Source: BUGTRAQ, Type: UNKNOWN: 20061221 Re: Oracle <= 9i / 10g File System Access via utl_file Exploit
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable