CVE-2007-3860: SQL Injection
First published: Wed Jul 18 2007(Updated: )
Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle APEX | =2.2.0.00.32 | |
| Oracle APEX | <=3.0.0.00.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.red-database-security.com/advisory/oracle_apex_sql_injection_check_db_password.html
- http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html
- http://secunia.com/advisories/26114
- http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf
- http://www.us-cert.gov/cas/techalerts/TA07-200A.html
- http://www.securitytracker.com/id?1018415
- http://secunia.com/advisories/26166
- http://securityreason.com/securityalert/2901
- http://www.vupen.com/english/advisories/2007/2562
- http://www.vupen.com/english/advisories/2007/2635
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143
- http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35499
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35490
- http://www.securityfocus.com/archive/1/474002/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-3860?
The severity of CVE-2007-3860 is classified as critical due to the potential for SQL injection vulnerabilities.
How do I fix CVE-2007-3860?
To fix CVE-2007-3860, update Oracle Application Express to the latest version that addresses this vulnerability.
What systems are affected by CVE-2007-3860?
CVE-2007-3860 affects Oracle Application Express versions 2.2.0.00.32 up to 3.0.0.00.20.
What impact does CVE-2007-3860 have on applications?
CVE-2007-3860 may allow unauthorized SQL queries which can compromise the integrity of the database.
Can CVE-2007-3860 be exploited remotely?
Yes, CVE-2007-3860 can potentially be exploited remotely if the affected system is accessible.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/oracle
- canonical/oracle apex
- version/oracle apex/2.2.0.00.32
- version/oracle apex/3.0.0.00.20