CVE-2007-6260 - The installation process for Oracle 10g and llg uses accounts with default passwords, which allows r

CVE-2007-6260

Summary

The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.

References

Vulnerable Configurations

cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 15-10-2018 - 21:51)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	26425
bugtraq	20071113 Oracle 11g/10g Installation Vulnerability
confirm	http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf
misc	http://www.davidlitchfield.com/blog/archives/00000030.htm
osvdb	43673
sreason	3419

Last major update

15-10-2018 - 21:51

Published

06-12-2007 - 02:46

Last modified

15-10-2018 - 21:51