CVE-2006-7217

NameCVE-2006-7217
DescriptionApache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
derby (PTS)bookworm, bullseye10.14.2.0-2fixed
forky, sid, trixie10.14.2.0-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
derbysource(unstable)(not affected)

Notes

- derby <not-affected> (Fixed before initial upload to Debian)
http://issues.apache.org/jira/browse/DERBY-1858
Search for package or bug name: Reporting problems