CVE-2008-3983

Oracle Database <11.1.0.6 - Info Disclosure

Title source: llm

Description

Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3984.

Exploits (2)

exploitdb WORKING POC VERIFIED

by sh2kerr · textlocalmultiple

https://www.exploit-db.com/exploits/7676

View Code ZIP pw:eip

metasploit WORKING POC

by CG · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/lt_mergeworkspace.rb

View Code ZIP pw:eip

References (5)

[Permissions Required] http://secunia.com/advisories/32291

[Vendor Advisory] http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1021050

[Not Applicable] http://www.vupen.com/english/advisories/2008/2825

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45886

Scores

EPSS 0.6735

EPSS Percentile 98.6%

Details

Status published

Products (5)

oracle/database_10g 10.1.0.5

oracle/database_10g 10.2.0.3

oracle/database_11i 11.1.0.6

oracle/database_9i 9.2.0.8

oracle/database_9i 9.2.0.8dv

Published Oct 14, 2008

Tracked Since Feb 18, 2026