[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-1816Date: (C)2008-04-16   (M)2023-12-22


Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB05 is SQL injection.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.5
Exploit Score: 8.0
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1019855
http://www.securityfocus.com/archive/1/490918/100/0/threaded
SECUNIA-29829
SECUNIA-29874
ADV-2008-1233
ADV-2008-1267
HPSBMA02133
http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html
http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_util.html
oracle-cpu-april-2008(41858)
oracle-database-audit-unspecified(42000)
oracle-database-sdoutil-sql-injection(41999)

CPE    2
cpe:/a:oracle:database_server:10.1.0.5
cpe:/a:oracle:database_server:10.2.0.3

© SecPod Technologies