Vulnerability CVE-2007-5510

Vulnerability Name:

CVE-2007-5510 (CCN-37279)

Assigned:

2007-10-16

Published:

2007-10-16

Updated:

2012-10-23

Summary:

Multiple unspecified vulnerabilities in the Workspace Manager component in Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 have unknown impact and remote attack vectors, aka (1) DB08, (2) DB09, (3) DB10, (4) DB11, (5) DB12, (6) DB13, (7) DB14, (8) DB15, (9) DB16, (10) DB17, and (11) DB18.
Note: one of these issues is probably CVE-2007-5511, but there are insufficient details to be certain.

CVSS v3 Severity:

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Athentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Informational

References:

Source: MITRE
Type: CNA
CVE-2007-5504

Source: MITRE
Type: CNA
CVE-2007-5505

Source: MITRE
Type: CNA
CVE-2007-5506

Source: MITRE
Type: CNA
CVE-2007-5507

Source: MITRE
Type: CNA
CVE-2007-5508

Source: MITRE
Type: CNA
CVE-2007-5509

Source: MITRE
Type: CNA
CVE-2007-5510

Source: MITRE
Type: CNA
CVE-2007-5511

Source: MITRE
Type: CNA
CVE-2007-5512

Source: MITRE
Type: CNA
CVE-2007-5513

Source: MITRE
Type: CNA
CVE-2007-5514

Source: MITRE
Type: CNA
CVE-2007-5515

Source: MITRE
Type: CNA
CVE-2007-5516

Source: MITRE
Type: CNA
CVE-2007-5517

Source: MITRE
Type: CNA
CVE-2007-5518

Source: MITRE
Type: CNA
CVE-2007-5519

Source: MITRE
Type: CNA
CVE-2007-5520

Source: MITRE
Type: CNA
CVE-2007-5521

Source: MITRE
Type: CNA
CVE-2007-5522

Source: MITRE
Type: CNA
CVE-2007-5523

Source: MITRE
Type: CNA
CVE-2007-5524

Source: MITRE
Type: CNA
CVE-2007-5525

Source: MITRE
Type: CNA
CVE-2007-5526

Source: MITRE
Type: CNA
CVE-2007-5527

Source: MITRE
Type: CNA
CVE-2007-5528

Source: MITRE
Type: CNA
CVE-2007-5529

Source: MITRE
Type: CNA
CVE-2007-5530

Source: MITRE
Type: CNA
CVE-2007-5531

Source: MITRE
Type: CNA
CVE-2007-5532

Source: MITRE
Type: CNA
CVE-2007-5533

Source: MITRE
Type: CNA
CVE-2007-5534

Source: MITRE
Type: CNA
CVE-2007-5766

Source: CCN
Type: HP Security Bulletin HPSBMA02133 SSRT061201 rev.6
HP Oracle for OpenView (OfO) Critical Patch Update

Source: HP
Type: UNKNOWN
SSRT061201

Source: SECUNIA
Type: Vendor Advisory
27251

Source: SECUNIA
Type: UNKNOWN
27409

Source: CCN
Type: Oracle Critical Patch Update - October 2007
Oracle Critical Patch Update Advisory - October 2007

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html

Source: CCN
Type: BID-26108
Oracle Database Remote Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018823

Source: CERT
Type: US Government Resource
TA07-290A

Source: VUPEN
Type: UNKNOWN
ADV-2007-3524

Source: VUPEN
Type: UNKNOWN
ADV-2007-3626

Source: XF
Type: UNKNOWN
oracle-cpu-oct2007(37279)

Source: CCN
Type: IBM Internet Security Systems X-Force Database
Oracle Database Advanced Queuing SYS.DBMS_AQADM buffer overflow

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:database_server:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:application_server:10.1.2.0.1:r2:*:*:*:*:*:*

OR cpe:/a:oracle:application_server:10.1.2.0.2:r2:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*

OR cpe:/a:oracle:collaboration_suite:10.1.2:r1:*:*:*:*:*:*

OR cpe:/a:oracle:e-business_suite:11.5.10:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:10.2.0.2:r2:*:*:*:*:*:*

OR cpe:/a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.22:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.47:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.48:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:9.2.0.8:r2:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:10.2.0.3:r2:*:*:*:*:*:*

OR cpe:/a:oracle:e-business_suite:12.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise_human_capital_management:8.9:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:9.0.1.5::fips+:*:*:*:*:*

OR cpe:/a:oracle:database_server:9.2.0.8dv:r2:*:*:*:*:*:*

OR cpe:/a:oracle:e-business_suite:12.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.49:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise_human_capital_management:9.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_manager:10.1.0.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_manager_grid_control:10.1.0.6:*:*:*:*:*:*:*

OR cpe:/a:oracle:e-business_suite:12.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*

OR cpe:/a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*

OR cpe:/a:oracle:e-business_suite:12.0.3:*:*:*:*:*:*:*

AND

cpe:/a:hp:oracle_for_openview:8.1.7:*:*:*:*:*:*:*

OR cpe:/a:hp:oracle_for_openview:9.1.01:*:*:*:*:*:*:*

OR cpe:/a:hp:oracle_for_openview:9.2:*:*:*:*:*:*:*

OR cpe:/a:hp:oracle_for_openview:10g:*:*:*:*:*:*:*

OR cpe:/a:hp:oracle_for_openview:10g:r2:*:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-2007-5510 (CCN-37308)

Assigned:

2007-10-16

Published:

2007-10-16

Updated:

2007-10-16

Summary:

Multiple unspecified vulnerabilities in Oracle Database related to the "Workspace Manager" component has an unknown impact and remote attack vector.

CVSS v3 Severity:

4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Athentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2007-5510

Source: CCN
Type: HP Security Bulletin HPSBMA02133 SSRT061201 rev.6
HP Oracle for OpenView (OfO) Critical Patch Update

Source: CCN
Type: SA27251
Oracle Products Multiple Vulnerabilities

Source: CCN
Type: SA27409
HP Oracle for OpenView Multiple Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1018823
Oracle Database and Other Products Have Unspecified Vulnerabilities With Unspecified Impact

Source: CCN
Type: Oracle Critical Patch Update - October 2007
Oracle Critical Patch Update Advisory - October 2007

Source: XF
Type: UNKNOWN
oracle-database-workspace-unspecified(37308)

BACK