Vulnerability Description
Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to CTXSYS.DRVXTABC. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an established researcher that this is for multiple SQL injection vulnerabilities via the (1) idx_owner or (2) idx_name parameters to the create_tables procedure.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Database Server | 9.2.0.8 |
References
- http://osvdb.org/59113
- http://secunia.com/advisories/37027
- http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
- http://www.securityfocus.com/bid/36748
- http://www.securitytracker.com/id?1023057
- http://www.us-cert.gov/cas/techalerts/TA09-294A.htmlUS Government Resource
- http://osvdb.org/59113
- http://secunia.com/advisories/37027
- http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
- http://www.securityfocus.com/bid/36748
- http://www.securitytracker.com/id?1023057
- http://www.us-cert.gov/cas/techalerts/TA09-294A.htmlUS Government Resource
FAQ
What is CVE-2009-1991?
CVE-2009-1991 is a vulnerability with a CVSS score of 3.6 (LOW). Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related ...
How severe is CVE-2009-1991?
CVE-2009-1991 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1991?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Database Server.