Executive Summary

Informations
Name CVE-2007-3860 First vendor Publication 2007-07-18
Vendor Cve Last vendor Modification 2018-10-15

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3860

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5

Open Source Vulnerability Database (OSVDB)

Id Description
39970 Oracle Application Express wwv_flow_security.check_db_password Function SQL I...

Nessus® Vulnerability Scanner

Date Description
2013-02-20 Name : The remote host is running a vulnerable version of Oracle Apex.
File : oracle_apex_pre301.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BUGTRAQ http://www.securityfocus.com/archive/1/474002/100/0/threaded
CERT http://www.us-cert.gov/cas/techalerts/TA07-200A.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html
HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=...
MISC http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_Jul...
http://www.red-database-security.com/advisory/oracle_apex_sql_injection_check...
http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html
SECTRACK http://www.securitytracker.com/id?1018415
SECUNIA http://secunia.com/advisories/26114
http://secunia.com/advisories/26166
SREASON http://securityreason.com/securityalert/2901
VUPEN http://www.vupen.com/english/advisories/2007/2562
http://www.vupen.com/english/advisories/2007/2635
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/35490
https://exchange.xforce.ibmcloud.com/vulnerabilities/35499

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2021-05-04 12:06:08
  • Multiple Updates
2021-04-22 01:06:41
  • Multiple Updates
2020-05-23 01:38:31
  • Multiple Updates
2020-05-23 00:20:09
  • Multiple Updates
2019-03-19 12:02:30
  • Multiple Updates
2018-10-16 00:19:10
  • Multiple Updates
2017-07-29 12:02:24
  • Multiple Updates
2016-04-26 16:23:18
  • Multiple Updates
2014-02-17 10:40:58
  • Multiple Updates
2013-05-11 10:31:58
  • Multiple Updates