CVE-2007-6260
Severity CVSS v4.0:
Pending analysis
Type:
CWE-255
Credentials Management
Publication date:
06/12/2007
Last modified:
09/04/2025
Description
The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/43673
- http://securityreason.com/securityalert/3419
- http://www.davidlitchfield.com/blog/archives/00000030.htm
- http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf
- http://www.securityfocus.com/archive/1/483652/100/200/threaded
- http://www.securityfocus.com/bid/26425
- http://osvdb.org/43673
- http://securityreason.com/securityalert/3419
- http://www.davidlitchfield.com/blog/archives/00000030.htm
- http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf
- http://www.securityfocus.com/archive/1/483652/100/200/threaded
- http://www.securityfocus.com/bid/26425