National Cyber-Alert System
Vulnerability Summary: ARC-013
Orirignal release date: 2006-05-01
Source: Advanced Research Corporation ®

Overview

    The Oracle Listener is not password protected. Consequently, a specially crafted status request yielded account names. Arbitrary file overwrites may also be possible. Security should be enabled on the Listener by adding a password.

Impact

    CVSS Severity: 7.0 (High)
    Range: remote
    Authentication:
    Impact Type:

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    Any Oracle Server

Technical Details