Lucene search

[email protected]CVE-2007-6260

HistoryDec 06, 2007 - 2:46 a.m.

CVE-2007-6260

2007-12-0602:46:00

CWE-255

[email protected]

web.nvd.nist.gov

cve-2007-6260

oracle

10g

installation

remote attackers

default passwords

listener

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.4%

JSON

The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.

Affected configurations

NVD

Node

oracledatabase_server

CPENameOperatorVersion
oracle:database_serveroracle database servereq*

CPE	Name	Operator	Version
oracle:database_server	oracle database server	eq	*

References

osvdb.org/43673

securityreason.com/securityalert/3419

www.davidlitchfield.com/blog/archives/00000030.htm

www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf

www.securityfocus.com/archive/1/483652/100/200/threaded

www.securityfocus.com/bid/26425

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.4%

JSON

Related for CVE-2007-6260

cvelist1 prion1 nvd1