Remote Format String Vulnerability in Oracle Database's TimesTen Data Server
CVE-2008-5440

Currently unrated

Key Information:

Vendor: Oracle
Status: Timesten In-memory Database
Vendor: CVE Published:; 14 January 2009

Summary

An unspecified vulnerability exists in the TimesTen Data Server component of Oracle Database, which may allow remote attackers to compromise the confidentiality, integrity, and availability of the system. Exploitation could be executed via unknown vectors, with indications that it may involve a format string vulnerability related to the msg parameter in the evtdump CGI module. Given the potential impact on sensitive data handling, it is crucial for users to apply relevant updates and mitigative measures.

References

http://secunia.com/advisories/33525

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/archive/1/500080/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.vupen.com/english/advisories/2009/0115

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Jan 14, 2009
Vulnerability Reserved
Dec 11, 2008