Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-0435

Disclosure Date: January 26, 2006
CVE-2006-0435
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2006-0435 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0435)
BID-16384 (http://www.securityfocus.com/bid/16384)
Advisory
SECUNIA-19712 (http://secunia.com/advisories/19712)
SECUNIA-18621 (http://secunia.com/advisories/18621)
SECUNIA-19859 (http://secunia.com/advisories/19859)
20060202 The History of the Oracle PLSQL Gateway Flaw (http://www.securityfocus.com/archive/1/423819/100/0/threaded)
20060125 Workaround for unpatched Oracle PLSQL Gateway flaw (http://www.securityfocus.com/archive/1/423029/100/0/threaded)
SREASON-402 (http://securityreason.com/securityalert/402)
http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html
SECTRACK-1015544 (http://securitytracker.com/id?1015544)
20060131 Re: Workaround for unpatched Oracle PLSQL Gateway flaw (http://www.securityfocus.com/archive/1/423673/100/0/threaded)
ADV-2006-1571 (http://www.vupen.com/english/advisories/2006/1571)
ADV-2006-0338 (http://www.vupen.com/english/advisories/2006/0338)
SREASON-403 (http://securityreason.com/securityalert/403)
SSRT061148 (http://www.securityfocus.com/archive/1/432267/100/0/threaded)
XF-oracle-plsql-command-execution(24363) (https://exchange.xforce.ibmcloud.com/vulnerabilities/24363)
20060125 Workaround for unpatched Oracle PLSQL Gateway flaw (http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041742.html)
20060202 More on the workaround for the unpatched Oracle PLSQL Gateway flaw (http://www.securityfocus.com/archive/1/423822/100/0/threaded)
20060208 Re: Workaround for unpatched Oracle PLSQL Gateway flaw (http://www.securityfocus.com/archive/1/424394/100/0/threaded)
20060202 The History of the Oracle PLSQL Gateway Flaw (http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html)
ADV-2006-1397 (http://www.vupen.com/english/advisories/2006/1397)
OSVDB-22719 (http://www.osvdb.org/22719)
VU#169164 (http://www.kb.cert.org/vuls/id/169164)
20060202 More on the workaround for the unpatched Oracle PLSQL Gateway flaw (http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041899.html)
SECTRACK-1015961 (http://securitytracker.com/id?1015961)
Miscellaneous
http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis