Lucene search

[email protected]CVE-2008-2592

HistoryJul 15, 2008 - 11:41 p.m.

CVE-2008-2592

2008-07-1523:41:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2008-2592

unspecified vulnerability

oracle database

advanced replication

fips+

sql injection

6.5 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

52.8%

JSON

Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a SQL injection vulnerability in the DELETE_TRAN procedure.

CPENameOperatorVersion
oracle:database_serveroracle database servereq9.2.0.8
oracle:oracle_databaseoracle oracle databaseeq9.2.0.8
oracle:oracle_databaseoracle oracle databaseeq10.2.0.4
oracle:oracle_databaseoracle oracle databaseeq11.1.0.6
oracle:database_serveroracle database servereq10.1.0.5
oracle:advanced_replication_componentoracle advanced replication componenteq*
oracle:oracle_databaseoracle oracle databaseeq9.0.1.5

CPE	Name	Operator	Version
oracle:database_server	oracle database server	eq	9.2.0.8
oracle:oracle_database	oracle oracle database	eq	9.2.0.8
oracle:oracle_database	oracle oracle database	eq	10.2.0.4
oracle:oracle_database	oracle oracle database	eq	11.1.0.6
oracle:database_server	oracle database server	eq	10.1.0.5
oracle:advanced_replication_component	oracle advanced replication component	eq	*
oracle:oracle_database	oracle oracle database	eq	9.0.1.5

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143

secunia.com/advisories/31087

secunia.com/advisories/31113

www.oracle.com/technetwork/topics/security/cpujul2008-090335.html

www.securityfocus.com/archive/1/495094/100/0/threaded

www.securityfocus.com/archive/1/495336/100/0/threaded

www.securitytracker.com/id?1020499

www.vupen.com/english/advisories/2008/2109/references

www.vupen.com/english/advisories/2008/2115

6.5 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

52.8%

JSON

Related for CVE-2008-2592

securityvulns3 prion1 cvelist1 nessus1 oracle1