CVE-2008-1813

{"id": "CVE-2008-1813", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-04-16T10:05:00.000", "references": [{"url": "http://secunia.com/advisories/29829", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29874", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html", "source": "cve@mitre.org"}, {"url": "http://www.red-database-security.com/advisory/oracle_outln_password_change.html", "source": "cve@mitre.org"}, {"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/490919/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/490950/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019855", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1233/references", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1267/references", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41991", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41992", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41993", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41994", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41995", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29829", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29874", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.red-database-security.com/advisory/oracle_outln_password_change.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/490919/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/490950/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1019855", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1233/references", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1267/references", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41991", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41992", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41993", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41994", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41995", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5 y 10.2.0.3, presentan un impacto desconocido y vectores de ataque remotos no autenticados o autenticados relacionados con (1) SYS. DBMS_AQ en el componente Advanced Queue Server, tambi\u00e9n se conoce como DB01; (2) Core RDBMS, tambi\u00e9n se conoce como DB03; (3) SDO_GEOM en Oracle Spatial, tambi\u00e9n se conoce como DB06; (4) Export, tambi\u00e9n se conoce como DB12; y (5) DBMS_STATS en el Query Optimizer , tambi\u00e9n se conoce como DB13. NOTA: la informaci\u00f3n anterior fue obtenida de la CPU de Oracle. Oracle no ha comentado sobre las afirmaciones de investigadores confiables de que DB06 es inyecci\u00f3n SQL y DB13 se produce cuando se restablece la cuenta OUTLN para utilizar una contrase\u00f1a embebida."}], "lastModified": "2024-11-21T00:45:24.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:database_9i:9.0.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDBBD94E-B3C9-43F4-BFF5-D4E445B75585"}, {"criteria": "cpe:2.3:a:oracle:database_9i:9.2.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35853080-470C-415B-B15B-D93A6DE856FF"}, {"criteria": "cpe:2.3:a:oracle:database_9i:9.2.0.8dv:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37FDC572-7FE0-41B2-99D6-139819781038"}, {"criteria": "cpe:2.3:a:oracle:database_server:9.0.1.5:*:fips:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D86DC2E3-3B89-4FAC-9B8F-DC629B50ADC7"}, {"criteria": "cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03A522A3-07D7-481F-A538-EA3D13256F63"}, {"criteria": "cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED41086B-840A-4B39-B249-461A4B00B57B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}