Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2595

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-2595
Last Modified 22 Oct 2012 10:48:41
Published 15 Jul 2008 07:41:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2595

Summary

Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service (crash) via a malformed LDAP request that triggers a NULL pointer dereference.

Vulnerable Systems

Application

  • Oracle Database 10g 10.1.2.3

  • Oracle Database 10g 10.1.4.2

  • Oracle Database 9i 9.0.4.3


References

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html

VUPEN - ADV-2008-2115

VUPEN - ADV-2008-2109

SECTRACK - 1020494

MILW0RM - 6101

SECUNIA - 31113

SECUNIA - 31087

IDEFENSE - 20080715 Oracle Internet Directory Pre-Authentication LDAP DoS Vulnerability

HP - SSRT061201

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html

HP - HPSBMA02133


Last Updated: 27 May 2016 11:01:03