Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Oracle Database Server Credentials Management Errors Vulnerability (CVE-2007-6260)

Description

The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.

Remediation

References

Related Vulnerabilities

WordPress Plugin PWAMP PHP Object Injection (1.0.0)

GlassFish CVE-2017-10393 Vulnerability (CVE-2017-10393)

WordPress Plugin Traffic Analyzer SQL Injection (3.4.2)

WordPress Plugin .htaccess Redirect Cross-Site Scripting (0.3.1)

Oracle Application Server Credentials Management Errors Vulnerability (CVE-2002-2345)

Severity

Medium

Classification

CVE-2007-6260

Tags

Missing Update Known Vulnerabilities