The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle JDBC Connector

vulnerability announce CVE-2015-0204 CVE-2016-3448 CVE-2016-3467

Oracle Database: vulnerabilities of July 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Database.
Impacted products: Oracle DB, Oracle JDBC Connector.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: user account.
Number of vulnerabilities in this bulletin: 9.
Creation date: 20/07/2016.
Identifiers: CERTFR-2016-AVI-242, cpujul2016, CVE-2015-0204, CVE-2016-3448, CVE-2016-3467, CVE-2016-3479, CVE-2016-3484, CVE-2016-3488, CVE-2016-3489, CVE-2016-3506, CVE-2016-3609, VIGILANCE-VUL-20162.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Database.

An attacker can use a vulnerability via OJVM, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3609]

An attacker can use a vulnerability via JDBC, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3506]

An attacker can use a vulnerability via Portable Clusterware, in order to trigger a denial of service. [severity:3/4; CVE-2016-3479]

An attacker can use a vulnerability via Data Pump Import, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-3489]

An attacker can use a vulnerability via Application Express, in order to obtain or alter information. [severity:2/4; CVE-2016-3448]

An attacker can use a vulnerability via Application Express, in order to trigger a denial of service. [severity:2/4; CVE-2016-3467]

An attacker can use a vulnerability via RDBMS, in order to alter information (VIGILANCE-VUL-16301).. [severity:2/4; CVE-2015-0204]

An attacker can use a vulnerability via DB Sharding, in order to alter information. [severity:2/4; CVE-2016-3488]

An attacker can use a vulnerability via Database Vault, in order to obtain or alter information. [severity:1/4; CVE-2016-3484]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Oracle JDBC Connector: