Lucene search

[email protected]CVE-2008-1813

HistoryApr 16, 2008 - 10:05 a.m.

CVE-2008-1813

2008-04-1610:05:00

[email protected]

web.nvd.nist.gov

cve-2008-1813

oracle database

vulnerabilities

unknown impact

remote attack vectors

sql injection

security advisory

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.4%

JSON

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password.

Affected configurations

NVD

Node

oracledatabase_9iMatch9.0.1.5

oracledatabase_9iMatch9.2.0.8

oracledatabase_9iMatch9.2.0.8dv

oracledatabase_serverMatch9.0.1.5fips

oracledatabase_serverMatch10.1.0.5

oracledatabase_serverMatch10.2.0.3

CPENameOperatorVersion
oracle:database_9ioracle database 9ieq9.0.1.5
oracle:database_9ioracle database 9ieq9.2.0.8
oracle:database_9ioracle database 9ieq9.2.0.8dv
oracle:database_serveroracle database servereq9.0.1.5
oracle:database_serveroracle database servereq10.1.0.5
oracle:database_serveroracle database servereq10.2.0.3

CPE	Name	Operator	Version
oracle:database_9i	oracle database 9i	eq	9.0.1.5
oracle:database_9i	oracle database 9i	eq	9.2.0.8
oracle:database_9i	oracle database 9i	eq	9.2.0.8dv
oracle:database_server	oracle database server	eq	9.0.1.5
oracle:database_server	oracle database server	eq	10.1.0.5
oracle:database_server	oracle database server	eq	10.2.0.3

References

secunia.com/advisories/29829

secunia.com/advisories/29874

www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html

www.red-database-security.com/advisory/oracle_outln_password_change.html

www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html

www.securityfocus.com/archive/1/490919/100/0/threaded

www.securityfocus.com/archive/1/490950/100/0/threaded

www.securityfocus.com/archive/1/491024/100/0/threaded

www.securitytracker.com/id?1019855

www.vupen.com/english/advisories/2008/1233/references

www.vupen.com/english/advisories/2008/1267/references

exchange.xforce.ibmcloud.com/vulnerabilities/41858

exchange.xforce.ibmcloud.com/vulnerabilities/41991

exchange.xforce.ibmcloud.com/vulnerabilities/41992

exchange.xforce.ibmcloud.com/vulnerabilities/41993

exchange.xforce.ibmcloud.com/vulnerabilities/41994

exchange.xforce.ibmcloud.com/vulnerabilities/41995

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.4%

JSON

Related for CVE-2008-1813

cvelist1 prion1 nvd1 nessus1