Oracle Single Sign-On HTTP Unspecified Information Disclosure

2005-07-12T10:29:54
ID OSVDB:18028
Type osvdb
Reporter OSVDB
Modified 2005-07-12T10:29:54

Description

Vulnerability Description

Oracle Database Server contains an unspecified flaw related to the Single Sign On component that may allow a remote attacker to compromise the confidentiality of a server via HTTP. No further details have been provided.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch (Critical Patch Update - July 2005) to address this vulnerability.

Short Description

Oracle Database Server contains an unspecified flaw related to the Single Sign On component that may allow a remote attacker to compromise the confidentiality of a server via HTTP. No further details have been provided.

References:

Vendor Specific Advisory URL Security Tracker: 1014466 Secunia Advisory ID:15991 Secunia Advisory ID:16121 Other Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 Other Advisory URL: http://www.us-cert.gov/cas/techalerts/TA04-245A.html Keyword: DB10 Generic Informational URL: http://www.eweek.com/article2/0,1895,1836304,00.asp CERT VU: 316206