CVE-2008-1813
CVE-2008-1813 is a medium-severity vulnerability in Oracle Database 9i with a CVSS 2.0 base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 6.5)
- EPSS exploit prediction: 2% (73rd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Oracle Database 9i
- Published:
- Last modified:
Description
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password.
Frequently asked questions
- What is CVE-2008-1813?
- Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password.
- How severe is CVE-2008-1813?
- CVE-2008-1813 has a CVSS 2.0 base score of 6.5, rated medium severity.
- Is CVE-2008-1813 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (73rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2008-1813?
- CVE-2008-1813 primarily affects Oracle Database 9i. In total, 6 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2008-1813?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2008-1813 published?
- CVE-2008-1813 was published on 2008-04-16 and last updated on 2026-06-16.
References
- http://secunia.com/advisories/29829
- http://secunia.com/advisories/29874
- http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html
- http://www.red-database-security.com/advisory/oracle_outln_password_change.html
- http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html
- http://www.securityfocus.com/archive/1/490919/100/0/threaded
- http://www.securityfocus.com/archive/1/490950/100/0/threaded
- http://www.securityfocus.com/archive/1/491024/100/0/threaded
- http://www.securitytracker.com/id?1019855
- http://www.vupen.com/english/advisories/2008/1233/references
- http://www.vupen.com/english/advisories/2008/1267/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41858
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41991
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41992
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41994
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41995
Affected products (6)
- cpe:2.3:a:oracle:database_9i:9.0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_9i:9.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_9i:9.2.0.8dv:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:9.0.1.5:*:fips:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*
More vulnerabilities in Oracle Database 9i
- CVE-2008-1812 — Critical (CVSS 10.0): Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+; Application…
- CVE-2009-0979 — Critical (CVSS 9.0): Unspecified vulnerability in the Resource Manager component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote…
- CVE-2008-1817 — Critical (CVSS 9.0): Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and…
- CVE-2008-1819 — High (CVSS 7.2): Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has…
- CVE-2008-2591 — Medium (CVSS 6.5): Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.3, and 11.1.0.6…
- CVE-2008-2607 — Medium (CVSS 6.5): Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4,…