CVE-2009-1968 - Vulnerability Details - OpenCVE

Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.37515.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle Subscribe	Database Server Subscribe

Configuration 1 [-]

cpe:2.3:a:oracle:database_server:10.1.8.3:*:*:*:*:*:*:*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2009-07/0110.html
http://dsecrg.com/pages/vul/show.php?id=125
http://osvdb.org/55892
http://secunia.com/advisories/35776
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
http://www.securityfocus.com/bid/35681
http://www.securitytracker.com/id?1022560
http://www.vupen.com/english/advisories/2009/1900
https://exchange.xforce.ibmcloud.com/vulnerabilities/51754

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2009-07-14T23:00:00

Updated: 2024-08-07T05:36:20.274Z

Reserved: 2009-06-08T00:00:00

Link: CVE-2009-1968

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-07-14T23:30:00.377

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-1968

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-14T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "20090716 [DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked XSS vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0110.html"}, {"name": "oracle-db-ses-unspecified(51754)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51754"}, {"name": "35776", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35776"}, {"name": "ADV-2009-1900", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1900"}, {"name": "55892", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/55892"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"}, {"tags": ["x_refsource_MISC"], "url": "http://dsecrg.com/pages/vul/show.php?id=125"}, {"name": "1022560", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022560"}, {"name": "35681", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35681"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2009-1968", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20090716 [DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked XSS vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0110.html"}, {"name": "oracle-db-ses-unspecified(51754)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51754"}, {"name": "35776", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35776"}, {"name": "ADV-2009-1900", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1900"}, {"name": "55892", "refsource": "OSVDB", "url": "http://osvdb.org/55892"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"}, {"name": "http://dsecrg.com/pages/vul/show.php?id=125", "refsource": "MISC", "url": "http://dsecrg.com/pages/vul/show.php?id=125"}, {"name": "1022560", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022560"}, {"name": "35681", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35681"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:36:20.274Z"}, "title": "CVE Program Container", "references": [{"name": "20090716 [DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked XSS vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0110.html"}, {"name": "oracle-db-ses-unspecified(51754)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51754"}, {"name": "35776", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35776"}, {"name": "ADV-2009-1900", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1900"}, {"name": "55892", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/55892"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://dsecrg.com/pages/vul/show.php?id=125"}, {"name": "1022560", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022560"}, {"name": "35681", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35681"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2009-1968", "datePublished": "2009-07-14T23:00:00", "dateReserved": "2009-06-08T00:00:00", "dateUpdated": "2024-08-07T05:36:20.274Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:database_server:10.1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDA21D58-967C-4011-AE13-CEE6E91DB721", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search."}, {"lang": "es", "value": "La vulnerabilidad no especificada en el componente Secure Enterprise Search en Database de Oracle versi\u00f3n 10.1.8.3, permite a los atacantes remotos afectar a la integridad por medio de vectores desconocidos. NOTA: la informaci\u00f3n anterior fue obtenida de la CPU de julio de 2009. Oracle no ha comentado sobre las afirmaciones de un investigador establecido de que se trata de cross-site scripting (XSS) por medio del par\u00e1metro search_p_groups en el archivo search/query/search."}], "id": "CVE-2009-1968", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-07-14T23:30:00.377", "references": [{"source": "secalert_us@oracle.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0110.html"}, {"source": "secalert_us@oracle.com", "url": "http://dsecrg.com/pages/vul/show.php?id=125"}, {"source": "secalert_us@oracle.com", "url": "http://osvdb.org/55892"}, {"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35776"}, {"source": "secalert_us@oracle.com", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/35681"}, {"source": "secalert_us@oracle.com", "url": "http://www.securitytracker.com/id?1022560"}, {"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1900"}, {"source": "secalert_us@oracle.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51754"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0110.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dsecrg.com/pages/vul/show.php?id=125"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/55892"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35776"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35681"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022560"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1900"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51754"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}