CVE-2004-1367
Oracle Application Server - Exposure of Sensitive Information via Password Logging in postDBCreation.log
Title source: llmDescription
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
References (6)
Core 6
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110382247308064&w=2
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/316206
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA04-245A.html
Patch, Vendor Advisory x_refsource_misc
http://www.ngssoftware.com/advisories/oracle23122004D.txt
Patch, Vendor Advisory x_refsource_confirm
http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1
Scores
EPSS
0.0727
EPSS Percentile
93.6%
Details
CWE
CWE-200
Status
published
Products (50)
oracle/application_server
oracle/application_server
9.0.2
oracle/application_server
9.0.2.0.0
oracle/application_server
9.0.2.0.1
oracle/application_server
9.0.2.1
oracle/application_server
9.0.2.2
oracle/application_server
9.0.2.3
oracle/application_server
9.0.3
oracle/application_server
9.0.3.1
oracle/application_server
9.0.4
... and 40 more
Published
Aug 04, 2004
Tracked Since
Feb 18, 2026