Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3203

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2005-3203
Last Modified 10 Sep 2008 03:45:52
Published 14 Oct 2005 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-3203

Summary

The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges.

Vulnerable Systems

Application

  • Oracle Html Db 1.3

  • Oracle Html Db 1.3.6


References

XF - oracle-htmldb-install-plaintext-password(22542)

MISC - http://www.red-database-security.com/advisory/oracle_htmldb_plaintext_password.html

SECUNIA - 14935

BUGTRAQ - 20051007 Plaintext Password Vulnerabilitiy during Installation of Oracle

FULLDISC - 20051007 Plaintext Password Vulnerabilitiy during Installation of Oracle HTMLDB

BID - 15033


Last Updated: 27 May 2016 10:40:50