Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2595Oracle Database 10G vulnerability

6 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
16.5%
top 5.10%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Oracle Database 10GOracle Database 9I
Timeline
PublishedJul 15
Latest updateMay 1

Description

Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service (crash) via a malformed LDAP request that triggers a NULL pointer dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDoracle/database_9i9.0.4.3
NVDoracle/database_10g10.1.2.3, 10.1.4.2+1

🔴Vulnerability Details

2
GHSA
GHSA-rwwf-h3vf-px76: Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 92022-05-01
CVEList
CVE-2008-2595: Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 92008-07-15

💥Exploits & PoCs

1
Exploit-DB
Oracle Internet Directory 10.1.4 - Remote Denial of Service2008-07-19

🕵️Threat Intelligence

2
Talos
Rule release for today2008-12-16
Talos
Rule release for today2008-12-16
CVE-2008-2595 — Oracle Database 10G vulnerability | cvebase