Vulnerability Details CVE-2004-0637
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.242
EPSS Ranking 95.7%
CVSS Severity
CVSS v2 Score 6.5
References
- http://secunia.com/advisories/12409/
- http://www.idefense.com/application/poi/display?id=136&type=vulnerabilities&flashstatus=true
- http://www.kb.cert.org/vuls/id/316206
- http://www.securityfocus.com/bid/11099
- http://secunia.com/advisories/12409/
- http://www.idefense.com/application/poi/display?id=136&type=vulnerabilities&flashstatus=true
- http://www.kb.cert.org/vuls/id/316206
- http://www.securityfocus.com/bid/11099
Products affected by CVE-2004-0637
-
cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4
-
cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4
-
cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4
-
cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4
-
cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3
-
cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4