Description

Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.

Remediation

References

CVE-2004-1365

Related Vulnerabilities

MySQL CVE-2015-0374 Vulnerability (CVE-2015-0374)

WordPress Plugin Jekyll Exporter Remote Code Execution (2.2.0)

Oracle HTTP Server Other Vulnerability (CVE-2002-0655)

Oracle Database Server Create Session privilege issue (CVE-2021-1993)

Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-42123)

Severity

Medium

Classification

CVE-2004-1365

Tags

Missing Update Known Vulnerabilities