CVE-2006-7216
Summary
| CVE | CVE-2006-7216 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-07-05 20:30:00 UTC |
| Updated | 2008-09-05 21:16:00 UTC |
| Description | Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Derby | 10.1.1.0 | All | All | All |
| Application | Apache | Derby | 10.1.2.1 | All | All | All |
| Application | Apache | Derby | 10.1.3.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [#DERBY-1708] Unprivileged user can perform lock table statement on a table which he/she does not have any access rights - ASF JIRA | CONFIRM | issues.apache.org | Patch |
| Apache Derby 10.2.1.6 Release | CONFIRM | db.apache.org | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.