Vulnerabilities > CVE-2005-2291 - Information Disclosure vulnerability in Oracle Jdeveloper 10.1.2/9.0.4/9.0.5
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS8_118828.NASL description Sun Management Center 3.5.1: Solaris 8 Oracle Patch. Date this patch was last updated by Sun : Jun/02/05 last seen 2020-06-01 modified 2020-06-02 plugin id 23409 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23409 title Solaris 8 (sparc) : 118828-04 NASL family Solaris Local Security Checks NASL id SOLARIS9_118829.NASL description Sun Management Center 3.5.1: Solaris 9 Oracle Patch. Date this patch was last updated by Sun : Jun/02/05 last seen 2020-06-01 modified 2020-06-02 plugin id 23549 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23549 title Solaris 9 (sparc) : 118829-04