VDB
CVE-2006-5332
CVE-2006-5332
PUBLISHED
CVSS 9 CRITICAL
Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for Oracle Database 9.2.0.6 and 10.1.0.4 has unknown impact and remote authenticated attack vectors, aka Vuln# DB01. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB01 is for PL/SQL injection in the ENABLE_HIERARCHY_INTERNAL procedure.
EPSS 4.65% · 89.5th percentile
Risk Scores
CVSS 2.0
9
EPSS Score
4.65%
89.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| oracle | database_server | 9.2.0.6, 10.1.0.4 |
Timeline
- Oct 18, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 21, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 14, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html url
- 20588 vdb
- HPSBMA02133 vendor-advisory
- http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html url
- http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf url
- http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_xdbz0.html url
- 20061023 SQL Injection in package XDB.DBMS_XDBZ0 mailing-list
- 20061018 Analysis of the Oracle October 2006 Critical Patch Update mailing-list
- ADV-2006-4065 vdb
- VU#717140 third-party-advisory
- 22396 third-party-advisory
- 1017077 vdb
- TA06-291A third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2006-5332 advisory