CVE-2006-0435
First published: Thu Jan 26 2006(Updated: )
Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Java System Application Server | ||
| Oracle Java System Application Server | =1.0.2 | |
| Oracle Java System Application Server | =1.0.2.0 | |
| Oracle Java System Application Server | =1.0.2.1 | |
| Oracle Java System Application Server | =1.0.2.1s | |
| Oracle Java System Application Server | =1.0.2.2 | |
| Oracle Java System Application Server | =1.0.2.2.2 | |
| Oracle Java System Application Server | =9.0.2 | |
| Oracle Java System Application Server | =9.0.2.0.0 | |
| Oracle Java System Application Server | =9.0.2.0.1 | |
| Oracle Java System Application Server | =9.0.2.1 | |
| Oracle Java System Application Server | =9.0.2.2 | |
| Oracle Java System Application Server | =9.0.2.3 | |
| Oracle Java System Application Server | =9.0.3 | |
| Oracle Java System Application Server | =9.0.3.1 | |
| Oracle Java System Application Server | =9.0.4.0 | |
| Oracle Java System Application Server | =9.0.4.1 | |
| Oracle Java System Application Server | =9.0.4.2 | |
| Oracle Java System Application Server | =9.2.0.6 | |
| Oracle Java System Application Server | =9.2.0.7 | |
| Oracle Java System Application Server | =10.1.0.2 | |
| Oracle Java System Application Server | =10.1.0.3 | |
| Oracle Java System Application Server | =10.1.0.3.1 | |
| Oracle Java System Application Server | =10.1.0.4 | |
| Oracle Java System Application Server | =10.1.2 | |
| Oracle Java System Application Server | =10.1.2.0.2 | |
| Oracle Java System Application Server | =10.1.2.1.0 | |
| Oracle Java System Application Server | =10.1.2_.0.1 | |
| Oracle HTTP Server | =1.0.2.0 | |
| Oracle HTTP Server | =1.0.2.1 | |
| Oracle HTTP Server | =1.0.2.1s_for_apps | |
| Oracle HTTP Server | =1.0.2.2 | |
| Oracle HTTP Server | =1.0.2.2_roll_up_2 | |
| Oracle HTTP Server | =8.1.7 | |
| Oracle HTTP Server | =9.0.1 | |
| Oracle HTTP Server | =9.0.2 | |
| Oracle HTTP Server | =9.0.2.3 | |
| Oracle HTTP Server | =9.0.3.1 | |
| Oracle HTTP Server | =9.1 | |
| Oracle HTTP Server | =9.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/16384
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041742.html
- http://www.kb.cert.org/vuls/id/169164
- http://www.osvdb.org/22719
- http://securitytracker.com/id?1015544
- http://secunia.com/advisories/18621
- http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
- http://securitytracker.com/id?1015961
- http://secunia.com/advisories/19712
- http://secunia.com/advisories/19859
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041899.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html
- http://securityreason.com/securityalert/402
- http://securityreason.com/securityalert/403
- http://www.vupen.com/english/advisories/2006/1397
- http://www.vupen.com/english/advisories/2006/1571
- http://www.vupen.com/english/advisories/2006/0338
- http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24363
- http://www.securityfocus.com/archive/1/432267/100/0/threaded
- http://www.securityfocus.com/archive/1/424394/100/0/threaded
- http://www.securityfocus.com/archive/1/423822/100/0/threaded
- http://www.securityfocus.com/archive/1/423819/100/0/threaded
- http://www.securityfocus.com/archive/1/423673/100/0/threaded
- http://www.securityfocus.com/archive/1/423029/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-0435?
The severity of CVE-2006-0435 is classified as critical due to its potential impact on affected Oracle software.
How do I fix CVE-2006-0435?
To fix CVE-2006-0435, apply the appropriate security patches provided by Oracle for your affected product versions.
Which Oracle products are affected by CVE-2006-0435?
CVE-2006-0435 affects various versions of Oracle Database Server, Application Server, E-Business Suite, and Collaboration Suite.
What types of attacks can CVE-2006-0435 facilitate?
CVE-2006-0435 can potentially allow unauthorized access or manipulation of data within Oracle applications.
Is there a workaround for CVE-2006-0435?
Currently, applying patches is the recommended method; however, specific workarounds may vary based on the application environment.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/weakness
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/oracle
- canonical/oracle java system application server
- version/oracle java system application server/1.0.2
- version/oracle java system application server/1.0.2.0
- version/oracle java system application server/1.0.2.1
- version/oracle java system application server/1.0.2.1s
- version/oracle java system application server/1.0.2.2
- version/oracle java system application server/1.0.2.2.2
- version/oracle java system application server/9.0.2
- version/oracle java system application server/9.0.2.0.0
- version/oracle java system application server/9.0.2.0.1
- version/oracle java system application server/9.0.2.1
- version/oracle java system application server/9.0.2.2
- version/oracle java system application server/9.0.2.3
- version/oracle java system application server/9.0.3
- version/oracle java system application server/9.0.3.1
- version/oracle java system application server/9.0.4.0
- version/oracle java system application server/9.0.4.1
- version/oracle java system application server/9.0.4.2
- version/oracle java system application server/9.2.0.6
- version/oracle java system application server/9.2.0.7
- version/oracle java system application server/10.1.0.2
- version/oracle java system application server/10.1.0.3
- version/oracle java system application server/10.1.0.3.1
- version/oracle java system application server/10.1.0.4
- version/oracle java system application server/10.1.2
- version/oracle java system application server/10.1.2.0.2
- version/oracle java system application server/10.1.2.1.0
- version/oracle java system application server/10.1.2_.0.1
- canonical/oracle http server
- version/oracle http server/1.0.2.0
- version/oracle http server/1.0.2.1
- version/oracle http server/1.0.2.1s_for_apps
- version/oracle http server/1.0.2.2
- version/oracle http server/1.0.2.2_roll_up_2
- version/oracle http server/8.1.7
- version/oracle http server/9.0.1
- version/oracle http server/9.0.2
- version/oracle http server/9.0.2.3
- version/oracle http server/9.0.3.1
- version/oracle http server/9.1
- version/oracle http server/9.2.0