Description

Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution.

Remediation

References

CVE-2009-1979

Related Vulnerabilities

osCommerce Incorrect Comparison Vulnerability (CVE-2020-23360)

PostgreSQL Improper Authentication Vulnerability (CVE-2007-6601)

Atlassian Jira CVE-2020-14168 Vulnerability (CVE-2020-14168)

ReviveAdserver Improper Authentication Vulnerability (CVE-2016-9124)

WordPress Plugin Analytics Tracker Cross-Site Scripting (1.1.0)

Severity

Critical

Classification

CVE-2009-1979

Tags

Missing Update Known Vulnerabilities