CVE-2007-5531

Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=119332677525918&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=119332677525918&w=2	Mailing List Third Party Advisory
http://secunia.com/advisories/27251	Third Party Advisory Vendor Advisory
http://secunia.com/advisories/27409	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html	Vendor Advisory
http://www.securitytracker.com/id?1018823	Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA07-290A.html	Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2007/3524	Permissions Required
http://www.vupen.com/english/advisories/2007/3626	Permissions Required
http://marc.info/?l=bugtraq&m=119332677525918&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=119332677525918&w=2	Mailing List Third Party Advisory
http://secunia.com/advisories/27251	Third Party Advisory Vendor Advisory
http://secunia.com/advisories/27409	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html	Vendor Advisory
http://www.securitytracker.com/id?1018823	Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA07-290A.html	Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2007/3524	Permissions Required
http://www.vupen.com/english/advisories/2007/3626	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:application_server:-:::::::*
	cpe:2.3:a:oracle:database_server:10.2.0.3:::::::*
	cpe:2.3:a:oracle:enterprise_manager:10.1.0.6:::::::*

History

No history.

Information

Published : 2007-10-17 23:17

Updated : 2025-04-09 00:30

NVD link : CVE-2007-5531

Mitre link : CVE-2007-5531

CVE.ORG link : CVE-2007-5531

JSON object : View

Products Affected

oracle

application_server
database_server
enterprise_manager

CWE

NVD-CWE-noinfo

{"id": "CVE-2007-5531", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-10-17T23:17:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=119332677525918&w=2", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=119332677525918&w=2", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27251", "tags": ["Third Party Advisory", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27409", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018823", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-290A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3524", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3626", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=119332677525918&w=2", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=119332677525918&w=2", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27251", "tags": ["Third Party Advisory", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27409", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1018823", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-290A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/3524", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/3626", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Oracle Help para Web, tal y como se usa en Oracle Application Server, Oracle Database 10.2.0.3, y Enterprise Manager 10.1.0.6, tiene un impacto desconocido y vectores de ataque remotos, tambi\u00e9n conocido como EM02."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:application_server:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C31CBE64-612C-4B90-B847-04389218F477"}, {"criteria": "cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED41086B-840A-4B39-B249-461A4B00B57B"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager:10.1.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA93A9C0-B771-46CA-A29B-9AFD719928FC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}