CVE-2011-2231

{"id": "CVE-2011-2231", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-07-20T22:55:01.923", "references": [{"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html", "tags": ["US Government Resource"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the XML Developer Kit component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, Oracle Fusion Middleware 10.1.3.5, allows remote attackers to affect availability via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente XML Developer Kit de Oracle Database Server v10.1.0.5, v10.2.0.3, v10.2.0.4, v10.2.0.5, v11.1.0.7, y v11.2.0.1, Oracle Fusion Middleware v10.1.3.5, permite a atacantes remotos afectar a la disponibilidad a trav\u00e9s de vectores desconocidos."}], "lastModified": "2011-10-05T02:54:49.377", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03A522A3-07D7-481F-A538-EA3D13256F63"}, {"criteria": "cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED41086B-840A-4B39-B249-461A4B00B57B"}, {"criteria": "cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4AC251D-9313-4A54-9623-51DC0AEC46FC"}, {"criteria": "cpe:2.3:a:oracle:database_server:10.2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ACC1D6F-2EDD-4DAA-B9CE-CF516C2B35C6"}, {"criteria": "cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDEDE937-C3D7-421C-9F70-F546AB823E1D"}, {"criteria": "cpe:2.3:a:oracle:database_server:11.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "378CCC72-84CB-45E7-A832-516D69510540"}, {"criteria": "cpe:2.3:a:oracle:fusion_middleware:10.1.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17FCAA6C-F1A6-469D-9449-9A99D3E70A70"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com", "evaluatorSolution": "Per: http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html\r\n\r\n'Patching the client is required to protect applications that make use of the XML Developer Kit. However, patching the server is sufficient to protect the database.'"}