PT-2009-1268 · Oracle · Oracle Database

Joxean Koret · Published 2009-01-14 · Updated 2018-10-11 · CVE-2008-5440

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Oracle Database version 7.0.5.0.0

Description

The issue affects confidentiality, integrity, and availability. It is reportedly related to the msg parameter in the evtdump CGI module, potentially a format string vulnerability.

Recommendations

For Oracle Database version 7.0.5.0.0, consider restricting access to the evtdump CGI module until a fix is available. Avoid using the msg parameter in the affected module to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2008-5440

Affected Products

Oracle Database