Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2008-2589
Last Modified: 22 Oct 2012 10:48:39
Published: 15 Jul 2008 07:41:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-2589

Summary

Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability in the WWV_RENDER_REPORT package that allows remote attackers to execute arbitrary SQL (PL/SQL) commands via the second argument to the SHOW procedure.

Vulnerable Systems

Application

  • Oracle Application Server 10.1.2.2

  • Oracle Application Server 10.1.4.1

  • Oracle Application Server 9.0.4.3

  • Oracle Portal Component


References

VUPEN - ADV-2008-2115

VUPEN - ADV-2008-2109

SECTRACK - 1020494

BUGTRAQ - 20080715 Oracle Application Server PLSQL injection flaw

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html

SECUNIA - 31113

SECUNIA - 31087

HP - HPSBMA02133

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html

HP - SSRT061201


Last Updated: 27 May 2016 10:49:42