Vulnerabilities > CVE-2008-5440 - Multiple vulnerability in Oracle Timesten In-Memory Database 7.0.5.0.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
oracle
NVD
Published: 2009-01-14
Updated: 2018-10-11

Summary

Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this is a format string vulnerability via the msg parameter in the evtdump CGI module.

Vulnerable Configurations

Part Description Count
Application
Oracle
1

Saint

  • bid33177
    descriptionOracle Secure Backup NDMP_CONECT_CLIENT_AUTH buffer overflow
    iddatabase_oracle_backupndmpbo,database_oracle_backupver
    osvdb51340
    titleoracle_secure_backup_ndmp_clientauth
    typeremote
  • bid33177
    descriptionOracle Secure Backup login.php ora_osb_lcookie command execution
    iddatabase_oracle_backupver
    osvdb51343
    titleoracle_secure_backup_login_lcookie
    typeremote
  • bid33177
    descriptionOracle WebLogic Server IIS Connector JSESSIONID buffer overflow
    titleweblogic_iis_connector_jsessionid
    typeremote
  • bid33177
    descriptionOracle Secure Backup login.php rbtool command injection
    iddatabase_oracle_backupver
    osvdb51342
    titleoracle_secure_backup_login_rbtool
    typeremote
  • bid33177
    descriptionOracle Database OLAP component ODCITABLESTART buffer overflow
    iddatabase_oracle_version
    osvdb51347
    titleoracle_olap_odcitablestart
    typeremote

References