CVE-2005-1495

Severity

75%

Complexity

99%

Confidentiality

106%

Applying patchset 10.1.0.4 is fixing this issue for Oracle 10g. Oracle 9i is still vulnerable.

Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection.

Applying patchset 10.1.0.4 is fixing this issue for Oracle 10g. Oracle 9i is still vulnerable.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Oracle Oracle10g Application Server

First reported 19 years ago

2005-05-11 04:00:00

Last updated 7 years ago

2017-07-11 01:32:00

Affected Software

Oracle Oracle10g Application Server 10.1.0.2

10.1.0.2

Oracle Oracle10g Application Server 10.1.0.3

10.1.0.3

Oracle Oracle10g Application Server 10.1.0.3.1

10.1.0.3.1

References

20050505 Oracle 9i / 10g Fine Grained Auditing Issue

VU#777773

Third Party Advisory, US Government Resource

http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html

Exploit, Vendor Advisory

16258

oracle-audit-data-manipulation(20407)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.