Oracle Database 10g Multiple Remote Vulnerabilities

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote database server suffers from multiple flaws.

Description :

According to its version number, the installation of Oracle on the
remote host is reportedly subject to multiple vulnerabilities, some of
which don't require authentication. These flaws may allow an attacker
to craft SQL queries that retrieve any file on the system and
potentially retrieve and/or modify confidential data on the target's
Oracle server.

Solution :

http://www.red-database-security.com/advisory/oracle_htmldb_css.html
http://www.red-database-security.com/advisory/oracle_htmldb_plaintext_password.html
http://www.oracle.com/technetwork/topics/security/cpuapr2005-132777.pdf

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.8
(CVSS2#E:F/RL:W/RC:C)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 18034

Bugtraq ID: 13145, 13144, 13139, 13238, 13236, 13235, 13234, 13239, 15031, 15033

CVE ID: CVE-2004-1774, CVE-2005-3202, CVE-2005-3203, CVE-2005-4832