Vulnerability Name:

CVE-2008-0340 (CCN-39881)

Assigned:2008-01-15
Published:2008-01-15
Updated:2012-10-23
Summary:Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04).
CVSS v3 Severity:4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Other
References:Source: MITRE
Type: CNA
CVE-2008-0340

Source: HP
Type: UNKNOWN
SSRT061201

Source: CCN
Type: SA28518
Oracle Products Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
28518

Source: CCN
Type: SA28556
HP Oracle for OpenView Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28556

Source: CCN
Type: SECTRACK ID: 1019218
Oracle Database and Other Products Have Unspecified Vulnerabilities With Unspecified Impact

Source: SECTRACK
Type: UNKNOWN
1019218

Source: CCN
Type: Oracle Critical Patch Update - January 2008
Oracle Critical Patch Update Advisory - January 2008

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html

Source: BID
Type: UNKNOWN
27229

Source: CCN
Type: BID-27229
Oracle January 2008 Critical Patch Update Multiple Vulnerabilities

Source: CERT
Type: US Government Resource
TA08-017A

Source: VUPEN
Type: UNKNOWN
ADV-2008-0150

Source: VUPEN
Type: UNKNOWN
ADV-2008-0180

Source: XF
Type: UNKNOWN
oracle-database-prvtaqim-unspecified(39881)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.3.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.3.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:collaboration_suite:10.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.1.5:*:fips:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.8dv:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:11.1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:12.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:12.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:12.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:12.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.47:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.48:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.49:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.8:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.3:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.1.5:*:fips+:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.8dv:r2:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2008-0340 (CCN-39894)

    Assigned:2008-01-15
    Published:2008-01-15
    Updated:2012-10-23
    Summary:Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04).
    CVSS v3 Severity:4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): Low
    User Interaction (UI): Required
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): None
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
    4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Type:CWE-noinfo
    Vulnerability Consequences:Informational
    References:Source: MITRE
    Type: CNA
    CVE-2008-0340

    Source: CCN
    Type: SA28518
    Oracle Products Multiple Vulnerabilities

    Source: CCN
    Type: SA28556
    HP Oracle for OpenView Multiple Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1019218
    Oracle Database and Other Products Have Unspecified Vulnerabilities With Unspecified Impact

    Source: CCN
    Type: Oracle Critical Patch Update - January 2008
    Oracle Critical Patch Update Advisory - January 2008

    Source: CCN
    Type: BID-27229
    Oracle January 2008 Critical Patch Update Multiple Vulnerabilities

    Source: XF
    Type: UNKNOWN
    oracle-database-catalog-unspecified(39894)

    BACK
    oracle application server 1.0.2.2
    oracle application server 9.0.4.3
    oracle application server 10.1.2.0.2
    oracle application server 10.1.2.1.0
    oracle application server 10.1.2.2.0
    oracle application server 10.1.3.0.0
    oracle application server 10.1.3.1.0
    oracle application server 10.1.3.3.0
    oracle collaboration suite 10.1.2
    oracle database server 9.0.1.5
    oracle database server 9.2.0.8
    oracle database server 9.2.0.8dv
    oracle database server 10.1.0.5
    oracle database server 10.2.0.2
    oracle database server 10.2.0.3
    oracle database server 11.1.0.6
    oracle e-business suite 11.5.9
    oracle e-business suite 11.5.10
    oracle e-business suite 11.5.10.2
    oracle e-business suite 12.0.0
    oracle e-business suite 12.0.1
    oracle e-business suite 12.0.2
    oracle e-business suite 12.0.3
    oracle peoplesoft enterprise peopletools 8.47
    oracle peoplesoft enterprise peopletools 8.48
    oracle peoplesoft enterprise peopletools 8.49
    oracle database server 10.1.0.5 r1
    oracle database server 10.2.0.2 r2
    oracle database server 9.2.0.8 r2
    oracle database server 10.2.0.3 r2
    oracle database server 9.0.1.5
    oracle database server 9.2.0.8dv r2