Oracle Database Multiple Remote Vulnerabilities

Medium Nessus Network Monitor Plugin ID 2822

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

According to its version number, the installation of Oracle on the remote
host is reportedly subject to multiple unspecified vulnerabilities.
Some vulnerabilities don't require authentication. It may allow an attacker
to craft SQL queries such that they would be able to retrieve any file on
the system and potentially retrieve and/or modify confidential data on the
target's Oracle server.

Solution

http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf

Plugin Details

Severity: Medium

ID: 2822

File Name: 2822.prm

Family: Database

Published: 2005/04/13

Modified: 2016/02/05

Nessus ID: 18034

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.2

Temporal Score: 4.7

Vector: CVSS2#AV:A/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:W/RC:C

CVSSv3

Base Score: 5.4

Temporal Score: 5.1

Vector: CVSS3#AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:W/RC:C

Reference Information

CVE: CVE-2004-1774, CVE-2005-4832, CVE-2005-3202, CVE-2005-3203

BID: 13234, 13235, 13236, 13238, 13239, 15031, 15033, 13145, 13144, 13139

OSVDB: 15552, 15553, 15554, 15555, 15556, 15557, 15558, 15559, 15560, 15561, 15562, 15563, 15565, 15566, 15567, 15568, 15569, 15570, 15571, 15572, 15573, 15574, 15575, 15576, 15577, 15578, 15579, 15580, 15581, 15582, 15583, 15584, 15585, 15586, 15587, 15588, 15589, 15590, 15591, 15592, 15593, 15594, 15595, 15596, 15597, 15598, 15599, 15600, 15601, 15602, 15603, 15604, 15605, 15606, 15607, 15608, 15609, 15610, 15611, 15612, 15613, 15614, 15615, 15616, 15735, 15736, 15813, 20051, 20052, 20053, 9867