ID CVE-2005-2293
Summary Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.
References
Vulnerable Configurations
  • Oracle Formsbuilder 9.0.4
    cpe:2.3:a:oracle:forms_builder:9.0.4
CVSS
Base: 2.1 (as of 18-07-2005 - 10:50)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_118828.NASL
    description Sun Management Center 3.5.1: Solaris 8 Oracle Patch. Date this patch was last updated by Sun : Jun/02/05
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 23409
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23409
    title Solaris 8 (sparc) : 118828-04
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_118829.NASL
    description Sun Management Center 3.5.1: Solaris 9 Oracle Patch. Date this patch was last updated by Sun : Jun/02/05
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 23549
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23549
    title Solaris 9 (sparc) : 118829-04
refmap via4
bugtraq 20050713 Advisory: Oracle Forms Builder Password in Temp Files
confirm http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html
misc http://www.red-database-security.com/advisory/oracle_formsbuilder_temp_file_issue.html
secunia 15991
xf formsbuilder-temp-file-plaintext-password(21343)
Last major update 17-10-2016 - 23:26
Published 18-07-2005 - 00:00
Last modified 10-07-2017 - 21:32
Back to Top