Oracle Database Multiple Remote Vulnerabilities

medium Nessus Network Monitor Plugin ID 2840

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

According to its version number, the installation of Oracle on the remote host is reportedly subject to multiple unspecified vulnerabilities. Some vulnerabilities don't require authentication. It may allow an attacker to craft SQL queries such that they would be able to retrieve any file on the system and potentially retrieve and/or modify confidential data on the target's Oracle server.

Solution

http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf

Plugin Details

Severity: Medium

ID: 2840

Family: Database

Published: 4/19/2005

Updated: 3/6/2019

Nessus ID: 18034

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5.2

Temporal Score: 4.7

Vector: CVSS2#AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5.2

Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:W/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:oracle10g

Reference Information

CVE: CVE-2004-1774, CVE-2005-3202, CVE-2005-3203, CVE-2005-4832

BID: 13139, 13144, 13145, 13234, 13235, 13236, 13238, 13239, 15031, 15033