| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.8 | $0-$5k | 0.00 |
A vulnerability, which was classified as critical, was found in Oracle Application Server 9.0.2.3 (Application Server Software). This affects an unknown code. The manipulation with an unknown input leads to a sql injection vulnerability. CWE is classifying the issue as CWE-89. This is going to have an impact on confidentiality, integrity, and availability. An attacker might be able inject and/or alter existing SQL statements which would influence the database exchange.
The weakness was presented 07/21/2006 by Alexander Kornbrust with Next Generation Security Software (Website). The advisory is shared at us-cert.gov. This vulnerability is uniquely identified as CVE-2006-3710 since 07/18/2006. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are unknown but a public exploit is available.
A public exploit has been developed in Perl. It is declared as proof-of-concept. The exploit is shared for download at securityfocus.com. We expect the 0-day to have been worth approximately $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 57619 (Oracle Application Server Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Web Servers.
Applying a patch is able to eliminate this problem.
The vulnerability is also documented in the databases at SecurityFocus (BID 19054), X-Force (27897), Secunia (SA21111), SecurityTracker (ID 1016529) and Tenable (57619). See 578, 15392, 16220 and 16221 for similar entries.
Type
Vendor
Name
VulDB Meta Base Score: 9.8
VulDB Meta Temp Score: 8.8
VulDB Base Score: 9.8
VulDB Temp Score: 8.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Class: Sql injection
CWE: CWE-89
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Programming Language: 🔍
Download: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 57619
Nessus Name: Oracle Application Server Multiple Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Threat Intelligence
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍Recommended: Patch
Status: 🔍
0-Day Time: 🔍
Patch: us-cert.gov
07/18/2006 🔍
07/18/2006 🔍
07/18/2006 🔍
07/19/2006 🔍
07/21/2006 🔍
07/21/2006 🔍
03/12/2015 🔍
07/12/2021 🔍Vendor: https://www.oracle.com
Advisory: us-cert.gov
Researcher: Alexander Kornbrust
Organization: Next Generation Security Software
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2006-3710 (🔍)
SecurityFocus: 19054 – Oracle July 2006 Security Update Multiple Vulnerabilities
Secunia: 21111 – Oracle Products Multiple Vulnerabilities, Highly Critical
X-Force: 27897 – Oracle Critical Patch Update – July 2006
SecurityTracker: 1016529 – Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact
Vupen: ADV-2006-2863
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Created: 03/12/2015 14:25
Updated: 07/12/2021 19:12
Changes: (3) source_nessus_risk exploit_price_0day vulnerability_cvss2_nvd_basescore
Complete: 🔍
Enable the mail alert feature now!
