Vulnerability Description
The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Database Server | 9.2.0.8 |
References
- http://marc.info/?l=bugtraq&m=119332677525918&w=2
- http://secunia.com/advisories/27251Vendor Advisory
- http://secunia.com/advisories/27409
- http://securityreason.com/securityalert/3247
- http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-xmldb-ft
- http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html
- http://www.securityfocus.com/archive/1/482426/100/0/threaded
- http://www.securityfocus.com/bid/26107
- http://www.securitytracker.com/id?1018823
- http://www.us-cert.gov/cas/techalerts/TA07-290A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2007/3524
- http://www.vupen.com/english/advisories/2007/3626
- http://marc.info/?l=bugtraq&m=119332677525918&w=2
- http://secunia.com/advisories/27251Vendor Advisory
- http://secunia.com/advisories/27409
FAQ
What is CVE-2007-5513?
CVE-2007-5513 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) ...
How severe is CVE-2007-5513?
CVE-2007-5513 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5513?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Database Server.