CVE-2006-0435

Description

Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01.

Affected products

• oracle / application_server
• oracle / application_server1.0.2 – 1.0.2
• oracle / application_server1.0.2.0 – 1.0.2.0
• oracle / application_server1.0.2.1 – 1.0.2.1
• oracle / application_server1.0.2.1s – 1.0.2.1s
• oracle / application_server1.0.2.2 – 1.0.2.2
• oracle / application_server1.0.2.2.2 – 1.0.2.2.2
• oracle / application_server9.0.2 – 9.0.2
• oracle / application_server9.0.2.0.0 – 9.0.2.0.0
• oracle / application_server9.0.2.0.1 – 9.0.2.0.1
• oracle / application_server9.0.2.1 – 9.0.2.1
• oracle / application_server9.0.2.2 – 9.0.2.2
• oracle / application_server9.0.2.3 – 9.0.2.3
• oracle / application_server9.0.3 – 9.0.3
• oracle / application_server9.0.3.1 – 9.0.3.1
• oracle / application_server9.0.4.0 – 9.0.4.0
• oracle / application_server9.0.4.1 – 9.0.4.1
• oracle / application_server9.0.4.2 – 9.0.4.2
• oracle / application_server9.2.0.6 – 9.2.0.6
• oracle / application_server9.2.0.7 – 9.2.0.7
• oracle / application_server10.1.0.2 – 10.1.0.2
• oracle / application_server10.1.0.3 – 10.1.0.3
• oracle / application_server10.1.0.3.1 – 10.1.0.3.1
• oracle / application_server10.1.0.4 – 10.1.0.4
• oracle / application_server10.1.2 – 10.1.2
• oracle / application_server10.1.2.0.2 – 10.1.2.0.2
• oracle / application_server10.1.2.1.0 – 10.1.2.1.0
• oracle / application_server10.1.2_.0.1 – 10.1.2_.0.1
• oracle / http_server1.0.2.0 – 1.0.2.0
• oracle / http_server1.0.2.1 – 1.0.2.1
• oracle / http_server1.0.2.1s_for_apps – 1.0.2.1s_for_apps
• oracle / http_server1.0.2.2 – 1.0.2.2
• oracle / http_server1.0.2.2_roll_up_2 – 1.0.2.2_roll_up_2
• oracle / http_server8.1.7 – 8.1.7
• oracle / http_server9.0.1 – 9.0.1
• oracle / http_server9.0.2 – 9.0.2
• oracle / http_server9.0.2.3 – 9.0.2.3
• oracle / http_server9.0.3.1 – 9.0.3.1
• oracle / http_server9.1 – 9.1
• oracle / http_server9.2.0 – 9.2.0

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/19712
• VENDOR_ADVISORYhttp://secunia.com/advisories/18621
• VENDOR_ADVISORYhttp://secunia.com/advisories/19859
• MISChttp://www.securityfocus.com/archive/1/423819/100/0/threaded
• MISChttp://www.securityfocus.com/archive/1/423029/100/0/threaded
• MISChttp://securityreason.com/securityalert/402
• VENDOR_ADVISORYhttp://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html
• MISChttp://securitytracker.com/id?1015544
• MISChttp://www.securityfocus.com/archive/1/423673/100/0/threaded
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/1571
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/0338
• MISChttp://www.securityfocus.com/bid/16384
• MISChttp://securityreason.com/securityalert/403
• MISChttp://www.securityfocus.com/archive/1/432267/100/0/threaded
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/24363
• MAILING_LISThttp://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041742.html
• MISChttp://www.securityfocus.com/archive/1/423822/100/0/threaded
• MISChttp://www.securityfocus.com/archive/1/424394/100/0/threaded
• MAILING_LISThttp://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html
• VENDOR_ADVISORYhttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/1397
• MISChttp://www.osvdb.org/22719
• MISChttp://www.securityfocus.com/archive/1/432267/100/0/threaded
• MISChttp://www.kb.cert.org/vuls/id/169164
• MAILING_LISThttp://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041899.html
• MISChttp://securitytracker.com/id?1015961