Lucene search

[email protected]CVE-2004-1366

HistoryAug 04, 2004 - 4:00 a.m.

CVE-2004-1366

2004-08-0404:00:00

CWE-255

[email protected]

web.nvd.nist.gov

oracle

10g

database server

sysman account

password

cleartext

security vulnerability

nvd

cve-2004-1366

6.5 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

16.2%

JSON

Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.

CPENameOperatorVersion
oracle:oracle10goracle oracle10geqstandard_9.0.4_.0
oracle:oracle8ioracle oracle8ieqstandard_8.1.7_.4
oracle:oracle9ioracle oracle9ieqstandard_9.0.2
oracle:oracle9ioracle oracle9ieqstandard_9.0.1.4
oracle:collaboration_suiteoracle collaboration suiteeqrelease_1
oracle:application_serveroracle application servereq9.0.2.1
oracle:oracle8ioracle oracle8ieqenterprise_8.1.6_.0.0
oracle:oracle9ioracle oracle9ieqpersonal_8.1.7
oracle:application_serveroracle application servereq*
oracle:oracle9ioracle oracle9ieqclient_9.2.0.2

CPE	Name	Operator	Version
oracle:oracle10g	oracle oracle10g	eq	standard_9.0.4_.0
oracle:oracle8i	oracle oracle8i	eq	standard_8.1.7_.4
oracle:oracle9i	oracle oracle9i	eq	standard_9.0.2
oracle:oracle9i	oracle oracle9i	eq	standard_9.0.1.4
oracle:collaboration_suite	oracle collaboration suite	eq	release_1
oracle:application_server	oracle application server	eq	9.0.2.1
oracle:oracle8i	oracle oracle8i	eq	enterprise_8.1.6_.0.0
oracle:oracle9i	oracle oracle9i	eq	personal_8.1.7
oracle:application_server	oracle application server	eq	*
oracle:oracle9i	oracle oracle9i	eq	client_9.2.0.2

Rows per page:

1-10 of 871

References

sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1

www.kb.cert.org/vuls/id/316206

www.ngssoftware.com/advisories/oracle23122004D.txt

www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf

www.securityfocus.com/archive/1/385323

www.securityfocus.com/bid/10871

www.us-cert.gov/cas/techalerts/TA04-245A.html

exchange.xforce.ibmcloud.com/vulnerabilities/18661

6.5 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

16.2%

JSON

Related for CVE-2004-1366

nessus5