Description

Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution.

Remediation

References

CVE-2009-1979

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7536)

MySQL CVE-2021-2172 Vulnerability (CVE-2021-2172)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-11328)

WordPress Plugin FAQs Manager SQL Injection (1.0)

b2evolution Other Vulnerability (CVE-2006-6417)

Severity

Critical

Classification

CVE-2009-1979

Tags

Missing Update Known Vulnerabilities