CVE-2005-3203

high

Description

The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/22542

http://www.securityfocus.com/bid/15033

http://www.red-database-security.com/advisory/oracle_htmldb_plaintext_password.html

http://secunia.com/advisories/14935/

http://marc.info/?l=bugtraq&m=112870441917345&w=2

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0174.html

Details

Source: Mitre, NVD

Published: 2005-10-14

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics