Lucene search

MitreCVE-2005-1495

HistoryMay 11, 2005 - 4:00 a.m.

CVE-2005-1495

2005-05-1104:00:00

mitre

web.nvd.nist.gov

oracle

database

10g

fga

vulnerability

nvd

cve-2005-1495

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.2

Confidence

High

EPSS

0.007

Percentile

80.8%

JSON

Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection.

Affected configurations

Nvd

Node

oracleapplication_serverMatch10.1.0.2

oracleapplication_serverMatch10.1.0.3

oracleapplication_serverMatch10.1.0.3.1

oracleoracle10gMatchenterprise_10.1.0.2

oracleoracle10gMatchenterprise_10.1.0.3

oracleoracle10gMatchenterprise_10.1.0.3.1

oracleoracle10gMatchpersonal_10.1.0.2

oracleoracle10gMatchpersonal_10.1.0.3

oracleoracle10gMatchpersonal_10.1.0.3.1

oracleoracle10gMatchstandard_10.1.0.2

oracleoracle10gMatchstandard_10.1.0.3

oracleoracle10gMatchstandard_10.1.0.3.1

oracleoracle9iMatch9.0

oracleoracle9iMatch9.0.1

oracleoracle9iMatch9.0.1.2

oracleoracle9iMatch9.0.1.3

oracleoracle9iMatch9.0.1.4

oracleoracle9iMatch9.0.2

oracleoracle9iMatch9.2.0.1

oracleoracle9iMatch9.2.0.2

oracleoracle9iMatchrelease_2_9.2.1

oracleoracle9iMatchrelease_2_9.2.2

VendorProductVersionCPE
oracleapplication_server10.1.0.2cpe:2.3:a:oracle:application_server:10.1.0.2:*:*:*:*:*:*:*
oracleapplication_server10.1.0.3cpe:2.3:a:oracle:application_server:10.1.0.3:*:*:*:*:*:*:*
oracleapplication_server10.1.0.3.1cpe:2.3:a:oracle:application_server:10.1.0.3.1:*:*:*:*:*:*:*
oracleoracle10genterprise_10.1.0.2cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*
oracleoracle10genterprise_10.1.0.3cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3:*:*:*:*:*:*:*
oracleoracle10genterprise_10.1.0.3.1cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3.1:*:*:*:*:*:*:*
oracleoracle10gpersonal_10.1.0.2cpe:2.3:a:oracle:oracle10g:personal_10.1.0.2:*:*:*:*:*:*:*
oracleoracle10gpersonal_10.1.0.3cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3:*:*:*:*:*:*:*
oracleoracle10gpersonal_10.1.0.3.1cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3.1:*:*:*:*:*:*:*
oracleoracle10gstandard_10.1.0.2cpe:2.3:a:oracle:oracle10g:standard_10.1.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	application_server	10.1.0.2	cpe:2.3:a:oracle:application_server:10.1.0.2:::::::*
oracle	application_server	10.1.0.3	cpe:2.3:a:oracle:application_server:10.1.0.3:::::::*
oracle	application_server	10.1.0.3.1	cpe:2.3:a:oracle:application_server:10.1.0.3.1:::::::*
oracle	oracle10g	enterprise_10.1.0.2	cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:::::::*
oracle	oracle10g	enterprise_10.1.0.3	cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3:::::::*
oracle	oracle10g	enterprise_10.1.0.3.1	cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3.1:::::::*
oracle	oracle10g	personal_10.1.0.2	cpe:2.3:a:oracle:oracle10g:personal_10.1.0.2:::::::*
oracle	oracle10g	personal_10.1.0.3	cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3:::::::*
oracle	oracle10g	personal_10.1.0.3.1	cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3.1:::::::*
oracle	oracle10g	standard_10.1.0.2	cpe:2.3:a:oracle:oracle10g:standard_10.1.0.2:::::::*

Rows per page:

1-10 of 221

References

marc.info/?l=bugtraq&m=111531683824209&w=2

www.kb.cert.org/vuls/id/777773

www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html

www.securityfocus.com/bid/16258

exchange.xforce.ibmcloud.com/vulnerabilities/20407

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.2

Confidence

High

EPSS

0.007

Percentile

80.8%

JSON

Related for CVE-2005-1495