Description

The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.

Remediation

References

CVE-2007-6260

Related Vulnerabilities

WordPress Possible SQL Injection Vulnerability (0.70 - 3.6.1)

Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.7)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.15)

Joomla Other Vulnerability (CVE-2005-3772)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-4319)

Severity

Medium

Classification

CVE-2007-6260

Tags

Missing Update Known Vulnerabilities