ID CVE-2008-2603
Summary Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary web script or HTML via the REFRESHCHOICE parameter in multiple web pages.
References
Vulnerable Configurations
  • Oracle Oracle Enterprise Manager 10.1.0.5
    cpe:2.3:a:oracle:enterprise_manager:10.1.0.5
  • cpe:2.3:a:oracle:enterprise_manager:10.2.0.4
    cpe:2.3:a:oracle:enterprise_manager:10.2.0.4
  • cpe:2.3:a:oracle:enterprise_manager:11.1.0.6
    cpe:2.3:a:oracle:enterprise_manager:11.1.0.6
CVSS
Base: 3.5 (as of 16-07-2008 - 11:36)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
NASL family Databases
NASL id ORACLE_RDBMS_CPU_JUL_2008.NASL
description The remote Oracle database server is missing the July 2008 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Advanced Queuing - Advanced Replication - Authentication - Core RDBMS - Data Pump - Database Scheduler - Instance Management - Oracle Spatial - Oracle Database Vault - Resource Manager
last seen 2019-02-21
modified 2018-11-15
plugin id 56061
published 2011-11-16
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=56061
title Oracle Database Multiple Vulnerabilities (July 2008 CPU)
refmap via4
bugtraq 20080804 Team SHATTER Security Advisory: Cross-site scripting in Oracle Enterprise Manager (REFRESHCHOICE Parameter)
confirm http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html
hp
  • HPSBMA02133
  • SSRT061201
sectrack
  • 1020496
  • 1020499
secunia
  • 31087
  • 31113
vupen
  • ADV-2008-2109
  • ADV-2008-2115
Last major update 22-10-2012 - 22:48
Published 15-07-2008 - 19:41
Last modified 11-10-2018 - 16:41
Back to Top