CVE-2005-3203

Опубликовано: 14 окт. 2005

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges.

Ссылки

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0174.html
http://marc.info/?l=bugtraq&m=112870441917345&w=2
http://secunia.com/advisories/14935/
Vendor Advisory
http://www.red-database-security.com/advisory/oracle_htmldb_plaintext_password.html
Vendor Advisory
http://www.securityfocus.com/bid/15033
https://exchange.xforce.ibmcloud.com/vulnerabilities/22542
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0174.html
http://marc.info/?l=bugtraq&m=112870441917345&w=2
http://secunia.com/advisories/14935/
Vendor Advisory
http://www.red-database-security.com/advisory/oracle_htmldb_plaintext_password.html
Vendor Advisory
http://www.securityfocus.com/bid/15033
https://exchange.xforce.ibmcloud.com/vulnerabilities/22542

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:html_db:1.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:html_db:1.3.6:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00121

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-9p68-6mvc-4wmq

github

почти 4 года назад