Vulnerability Description
The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Database Server | All versions |
Related Weaknesses (CWE)
References
- http://osvdb.org/43673
- http://securityreason.com/securityalert/3419
- http://www.davidlitchfield.com/blog/archives/00000030.htm
- http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_d
- http://www.securityfocus.com/archive/1/483652/100/200/threaded
- http://www.securityfocus.com/bid/26425
- http://osvdb.org/43673
- http://securityreason.com/securityalert/3419
- http://www.davidlitchfield.com/blog/archives/00000030.htm
- http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_d
- http://www.securityfocus.com/archive/1/483652/100/200/threaded
- http://www.securityfocus.com/bid/26425
FAQ
What is CVE-2007-6260?
CVE-2007-6260 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the insta...
How severe is CVE-2007-6260?
CVE-2007-6260 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6260?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Database Server.