CVE-2004-1367

Oracle Application Server - Exposure of Sensitive Information via Password Logging in postDBCreation.log

Title source: llm
STIX 2.1

Description

Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.

References (6)

Core 6
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110382247308064&w=2
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/316206
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA04-245A.html
Patch, Vendor Advisory x_refsource_misc
http://www.ngssoftware.com/advisories/oracle23122004D.txt
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1

Scores

EPSS 0.0727
EPSS Percentile 93.6%

Details

CWE
CWE-200
Status published
Products (50)
oracle/application_server
oracle/application_server 9.0.2
oracle/application_server 9.0.2.0.0
oracle/application_server 9.0.2.0.1
oracle/application_server 9.0.2.1
oracle/application_server 9.0.2.2
oracle/application_server 9.0.2.3
oracle/application_server 9.0.3
oracle/application_server 9.0.3.1
oracle/application_server 9.0.4
... and 40 more
Published Aug 04, 2004
Tracked Since Feb 18, 2026