4.4

CVE-2004-1367

EPSS 0.38%
Published 04.08.2004 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Oracle ≫ Application Server

Oracle ≫ Application Server Version9.0.2

Oracle ≫ Application Server Version9.0.2.0.0

Oracle ≫ Application Server Version9.0.2.0.1

Oracle ≫ Application Server Version9.0.2.1

Oracle ≫ Application Server Version9.0.2.2

Oracle ≫ Application Server Version9.0.2.3

Oracle ≫ Application Server Version9.0.3

Oracle ≫ Application Server Version9.0.3.1

Oracle ≫ Application Server Version9.0.4

Oracle ≫ Application Server Version9.0.4.0

Oracle ≫ Application Server Version9.0.4.1

Oracle ≫ Collaboration Suite Versionrelease_1

Oracle ≫ E-business Suite Version11.5.1

Oracle ≫ E-business Suite Version11.5.2

Oracle ≫ E-business Suite Version11.5.3

Oracle ≫ E-business Suite Version11.5.4

Oracle ≫ E-business Suite Version11.5.5

Oracle ≫ E-business Suite Version11.5.6

Oracle ≫ E-business Suite Version11.5.7

Oracle ≫ E-business Suite Version11.5.8

Oracle ≫ E-business Suite Version11.5.9

Oracle ≫ Enterprise Manager Version9

Oracle ≫ Enterprise Manager Version9.0.1

Oracle ≫ Enterprise Manager Database Control Version10.1.2

Oracle ≫ Enterprise Manager Grid Control Version10.1.0.2

Oracle ≫ Oracle10g Versionenterprise_9.0.4_.0

Oracle ≫ Oracle10g Versionenterprise_10.1.0.2

Oracle ≫ Oracle10g Versionpersonal_9.0.4_.0

Oracle ≫ Oracle10g Versionpersonal_10.1_.0.2

Oracle ≫ Oracle10g Versionstandard_9.0.4_.0

Oracle ≫ Oracle10g Versionstandard_10.1_.0.2

Oracle ≫ Oracle8i Versionenterprise_8.0.5_.0.0

Oracle ≫ Oracle8i Versionenterprise_8.0.6_.0.0

Oracle ≫ Oracle8i Versionenterprise_8.0.6_.0.1

Oracle ≫ Oracle8i Versionenterprise_8.1.5_.0.0

Oracle ≫ Oracle8i Versionenterprise_8.1.5_.0.2

Oracle ≫ Oracle8i Versionenterprise_8.1.5_.1.0

Oracle ≫ Oracle8i Versionenterprise_8.1.6_.0.0

Oracle ≫ Oracle8i Versionenterprise_8.1.6_.1.0

Oracle ≫ Oracle8i Versionenterprise_8.1.7_.0.0

Oracle ≫ Oracle8i Versionenterprise_8.1.7_.1.0

Oracle ≫ Oracle8i Versionenterprise_8.1.7_.4

Oracle ≫ Oracle8i Versionstandard_8.0.6

Oracle ≫ Oracle8i Versionstandard_8.0.6_.3

Oracle ≫ Oracle8i Versionstandard_8.1.5

Oracle ≫ Oracle8i Versionstandard_8.1.6

Oracle ≫ Oracle8i Versionstandard_8.1.7

Oracle ≫ Oracle8i Versionstandard_8.1.7_.0.0

Oracle ≫ Oracle8i Versionstandard_8.1.7_.1

Oracle ≫ Oracle8i Versionstandard_8.1.7_.4

Oracle ≫ Oracle9i Versionclient_9.2.0.1

Oracle ≫ Oracle9i Versionclient_9.2.0.2

Oracle ≫ Oracle9i Versionenterprise_8.1.7

Oracle ≫ Oracle9i Versionenterprise_9.0.1

Oracle ≫ Oracle9i Versionenterprise_9.0.1.4

Oracle ≫ Oracle9i Versionenterprise_9.0.1.5

Oracle ≫ Oracle9i Versionenterprise_9.2.0

Oracle ≫ Oracle9i Versionenterprise_9.2.0.1

Oracle ≫ Oracle9i Versionenterprise_9.2.0.2

Oracle ≫ Oracle9i Versionenterprise_9.2.0.3

Oracle ≫ Oracle9i Versionenterprise_9.2.0.4

Oracle ≫ Oracle9i Versionenterprise_9.2.0.5

Oracle ≫ Oracle9i Versionpersonal_8.1.7

Oracle ≫ Oracle9i Versionpersonal_9.0.1

Oracle ≫ Oracle9i Versionpersonal_9.0.1.4

Oracle ≫ Oracle9i Versionpersonal_9.0.1.5

Oracle ≫ Oracle9i Versionpersonal_9.2

Oracle ≫ Oracle9i Versionpersonal_9.2.0.1

Oracle ≫ Oracle9i Versionpersonal_9.2.0.2

Oracle ≫ Oracle9i Versionpersonal_9.2.0.3

Oracle ≫ Oracle9i Versionpersonal_9.2.0.4

Oracle ≫ Oracle9i Versionpersonal_9.2.0.5

Oracle ≫ Oracle9i Versionstandard_8.1.7

Oracle ≫ Oracle9i Versionstandard_9.0

Oracle ≫ Oracle9i Versionstandard_9.0.1

Oracle ≫ Oracle9i Versionstandard_9.0.1.2

Oracle ≫ Oracle9i Versionstandard_9.0.1.3

Oracle ≫ Oracle9i Versionstandard_9.0.1.4

Oracle ≫ Oracle9i Versionstandard_9.0.1.5

Oracle ≫ Oracle9i Versionstandard_9.0.2

Oracle ≫ Oracle9i Versionstandard_9.2

Oracle ≫ Oracle9i Versionstandard_9.2.0.1

Oracle ≫ Oracle9i Versionstandard_9.2.0.2

Oracle ≫ Oracle9i Versionstandard_9.2.0.3

Oracle ≫ Oracle9i Versionstandard_9.2.0.4

Oracle ≫ Oracle9i Versionstandard_9.2.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.38%	0.562

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1

http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf

Patch

Vendor Advisory

http://www.us-cert.gov/cas/techalerts/TA04-245A.html

US Government Resource

http://www.kb.cert.org/vuls/id/316206

US Government Resource

http://www.ngssoftware.com/advisories/oracle23122004D.txt

Patch

Vendor Advisory

http://marc.info/?l=bugtraq&m=110382247308064&w=2

https://nvd.nist.gov/vuln/detail/CVE-2004-1367

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-1367

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-1367

EUVD