CVE - CVE-2008-1816

CVE-ID
CVE-2008-1816	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB05 is SQL injection.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20080416 Oracle - SQL Injection Vulnerability in SDO_UTIL [DB05] URL:http://www.securityfocus.com/archive/1/490918/100/0/threaded CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html HP:HPSBMA02133 URL:http://www.securityfocus.com/archive/1/491024/100/0/threaded HP:SSRT061201 URL:http://www.securityfocus.com/archive/1/491024/100/0/threaded MISC:http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_util.html SECTRACK:1019855 URL:http://www.securitytracker.com/id?1019855 SECUNIA:29829 URL:http://secunia.com/advisories/29829 SECUNIA:29874 URL:http://secunia.com/advisories/29874 VUPEN:ADV-2008-1233 URL:~~http://www.vupen.com/english/advisories/2008/1233/references~~ (Obsolete source) VUPEN:ADV-2008-1267 URL:~~http://www.vupen.com/english/advisories/2008/1267/references~~ (Obsolete source) XF:oracle-cpu-april-2008(41858) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41858 XF:oracle-database-audit-unspecified(42000) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/42000 XF:oracle-database-sdoutil-sql-injection(41999) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41999
Assigning CNA
MITRE Corporation
Date Record Created
20080415	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080415)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)