Vulnerability Description
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
CVSS Score
6.5
MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle8I | enterprise_8.1.7_.4 |
| Oracle | Oracle9I | enterprise_9.2.0.4 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/12409/PatchVendor Advisory
- http://www.idefense.com/application/poi/display?id=136&type=vulnerabilities&flasPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/316206PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/11099
- http://secunia.com/advisories/12409/PatchVendor Advisory
- http://www.idefense.com/application/poi/display?id=136&type=vulnerabilities&flasPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/316206PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/11099
FAQ
What is CVE-2004-0637?
CVE-2004-0637 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
How severe is CVE-2004-0637?
CVE-2004-0637 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0637?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Oracle8I, Oracle Oracle9I.