Vulnerabilities > CVE-2005-2291 - Information Disclosure vulnerability in Oracle Jdeveloper 10.1.2/9.0.4/9.0.5

047910
CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
oracle
nessus
NVD
Published: 2005-07-18
Updated: 2016-10-18

Summary

Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.

Vulnerable Configurations

Part Description Count
Application
Oracle
3

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_118828.NASL
    descriptionSun Management Center 3.5.1: Solaris 8 Oracle Patch. Date this patch was last updated by Sun : Jun/02/05
    last seen2020-06-01
    modified2020-06-02
    plugin id23409
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23409
    titleSolaris 8 (sparc) : 118828-04
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_118829.NASL
    descriptionSun Management Center 3.5.1: Solaris 9 Oracle Patch. Date this patch was last updated by Sun : Jun/02/05
    last seen2020-06-01
    modified2020-06-02
    plugin id23549
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23549
    titleSolaris 9 (sparc) : 118829-04

References