QwikSec

Security Database

CVE

CWE

Training

CVE-2007-3860

Published: Jul 18, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_HP

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SREASON

http://www.red-database-security.com/advisory/oracle_apex_sql_injection_check_db_password.html

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html

x_refsource_CONFIRM

oracle-apex-sql-injection(35499)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_CERT

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_VUPEN

vendor-advisory

x_refsource_HP

oracle-cpu-july2007(35490)

vdb-entry

x_refsource_XF

http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

20070718 Oracle Security: SQL Injection in APEX CHECK_DB_PASSWORD

mailing-list

x_refsource_BUGTRAQ

http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.