WEB APPLICATION VULNERABILITIES Standard & Premium

Oracle Database Server Improper Authentication Vulnerability (CVE-2012-3137)

Description

The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."

Remediation

References

Related Vulnerabilities

PHP NULL Pointer Dereference Vulnerability (CVE-2016-7131)

MySQL CVE-2018-2778 Vulnerability (CVE-2018-2778)

Drupal Core 8.7.0 Directory Traversal (8.7.0)

Vanilla Forums Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-9889)

WebLogic CVE-2016-0700 Vulnerability (CVE-2016-0700)

Severity

Medium

Classification

CVE-2012-3137 CWE-287

Tags

Missing Update Known Vulnerabilities