2007-5511 | Oracle Database Server Workspace Manager sql injection (BID-26098 / XFDB-37308)

By Max On Jul 29, 2021

CVSS Meta Temp Score	Current Exploit Price (≈)	CTI Interest Score
6.0	$0-$5k	0.42

A vulnerability was found in Oracle Database Server up to 10.2.0.4.0 (Database Software). It has been classified as critical. Affected is some unknown functionality of the component Workspace Manager. The manipulation with an unknown input leads to a sql injection vulnerability. CWE is classifying the issue as CWE-89. This is going to have an impact on confidentiality, integrity, and availability. An attacker might be able inject and/or alter existing SQL statements which would influence the database exchange.

The weakness was published 10/17/2007 by David Litchfield with NGSSoftware as confirmed posting (Bugtraq). The advisory is shared for download at securityfocus.com. This vulnerability is traded as CVE-2007-5511 since 10/17/2007. The exploitability is told to be easy. It is possible to launch the attack remotely. A authentication is required for exploitation. Technical details are unknown but an exploit is available.

After immediately, there has been an exploit disclosed. It is declared as highly functional. The exploit is shared for download at exploit-db.com. As 0-day the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 56058 (Oracle Database Multiple Vulnerabilities (October 2007 CPU)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Databases.

Upgrading to version 10.2.0.4.1 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 8992.

The vulnerability is also documented in the databases at SecurityFocus (BID 26098), X-Force (37308), Secunia (SA27251), SecurityTracker (ID 1018823) and Vulnerability Center (SBV-16570). Similar entries are available at 39349, 39342, 39323 and 39322.

Type

Vendor

Name

VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0

VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍

AV	AC	Au	C	I	A
🔍	🔍	🔍	🔍	🔍	🔍
🔍	🔍	🔍	🔍	🔍	🔍
🔍	🔍	🔍	🔍	🔍	🔍

Vector	Complexity	Authentication	Confidentiality	Integrity	Availability
unlock	unlock	unlock	unlock	unlock	unlock
unlock	unlock	unlock	unlock	unlock	unlock
unlock	unlock	unlock	unlock	unlock	unlock

VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍

NVD Base Score: 🔍

Class: Sql injection
CWE: CWE-89
ATT&CK: Unknown

Local: No
Remote: Yes

Availability: 🔍
Status: Highly functional
Download: 🔍

Price Prediction: 🔍
Current Price Estimation: 🔍

0-Day	unlock	unlock	unlock	unlock
Today	unlock	unlock	unlock	unlock

Nessus ID: 56058
Nessus Name: Oracle Database Multiple Vulnerabilities (October 2007 CPU)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍

MetaSploit ID: lt_findricset_cursor.rb
MetaSploit Name: Oracle DB SQL Injection via SYS.LT.FINDRICSET Evil Cursor Method
MetaSploit File: 🔍

Exploit-DB: 🔍

Threat Intelligenceinfoedit

Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍Recommended: Upgrade
Status: 🔍

Reaction Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍

Upgrade: Database Server 10.2.0.4.1
TippingPoint: 🔍

McAfee IPS: 🔍
McAfee IPS Version: 🔍

ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍

10/17/2007 🔍
10/17/2007 +0 days 🔍
10/17/2007 +0 days 🔍
10/17/2007 +0 days 🔍
10/17/2007 +0 days 🔍
10/17/2007 +0 days 🔍
10/17/2007 +0 days 🔍
10/17/2007 +0 days 🔍
10/17/2007 +0 days 🔍
10/21/2007 +3 days 🔍
01/08/2008 +79 days 🔍
03/16/2015 +2623 days 🔍
04/18/2016 +399 days 🔍
07/29/2021 +1928 days 🔍Vendor: https://www.oracle.com