Unspecified Vulnerability in Oracle Database Advanced Replication Component
CVE-2008-2592

Currently unrated

Key Information:

Vendor: Oracle
Status: Database Server; Oracle Database; Advanced Replication Component
Vendor: CVE Published:; 15 July 2008

What is CVE-2008-2592?

An unspecified vulnerability exists within the Advanced Replication component of various versions of Oracle Database, enabling potential remote authenticated attack vectors. The flaw is suspected of involving SQL injection issues in the DELETE_TRAN procedure of SYS.DBMS_DEFER_SYS. The severity of this potential threat has elicited concern from security researchers, although official responses from Oracle have not confirmed the specifics of the vulnerability. This poses risks to users running affected versions of Oracle Database as the exact impact is still unclear.

References

http://www.oracle.com/technetwork/topics/security/cpujul2...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2008/2115

vdb-entryx_refsource_VUPEN

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2008
Vulnerability Reserved
Jun 9, 2008