CVE-2008-2603

Name of the Vulnerable Software and Affected Versions Oracle Database versions 10.1.0.5, 10.2.0.4, and 11.1.0.6

Description The issue concerns an unspecified vulnerability in the Resource Manager component of Oracle Database and Database Control in Enterprise Manager. It has unknown impact and can be exploited through remote authenticated attack vectors. Researcher claims suggest this might be a cross-site scripting (XSS) issue, potentially allowing remote attackers to inject arbitrary web script or HTML via the REFRESHCHOICE parameter in multiple web pages.

Recommendations For Oracle Database versions 10.1.0.5, 10.2.0.4, and 11.1.0.6, consider restricting access to the REFRESHCHOICE parameter in affected web pages as a temporary mitigation measure until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.