Description
Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
References (4)
Core 4
Core References
Various Sources x_refsource_confirm
http://issues.apache.org/jira/browse/DERBY-1858
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
Patch x_refsource_confirm
http://db.apache.org/derby/releases/release-10.2.1.6.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28636
Scores
EPSS
0.0195
EPSS Percentile
78.0%
Details
Status
published
Products (4)
apache/derby
10.1.1.0
apache/derby
10.1.2.1
apache/derby
10.1.3.1
org.apache.derby/derby
0 - 10.2.1.6Maven
Published
Jul 05, 2007
Tracked Since
Feb 18, 2026