Vulnerabilities > CVE-2008-3995 - Denial-Of-Service vulnerability in Oracle Database 10G and Database 11I
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Metasploit
description | The module exploits an sql injection flaw in the ALTER_AUTOLOG_CHANGE_SOURCE procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Affected versions: Oracle Database Server versions 10gR1, 10gR2 and 11gR1. Fixed with October 2008 CPU. |
id | MSF:AUXILIARY/SQLI/ORACLE/DBMS_CDC_PUBLISH |
last seen | 2020-02-11 |
modified | 2017-07-24 |
published | 2009-07-28 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3995 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/sqli/oracle/dbms_cdc_publish.rb |
title | Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE |
Nessus
NASL family | Databases |
NASL id | ORACLE_RDBMS_CPU_OCT_2008.NASL |
description | The remote Oracle database server is missing the October 2008 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Core RDBMS - Oracle Application Express - Oracle Data Capture - Oracle Data Mining - Oracle OLAP - Oracle Spatial - Upgrade - Workspace Manager |
last seen | 2020-06-02 |
modified | 2011-11-16 |
plugin id | 56062 |
published | 2011-11-16 |
reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56062 |
title | Oracle Database Multiple Vulnerabilities (October 2008 CPU) |
code |
|