Description

Oracle SQLNet and/or listener log files are publicly accessible. The SQLNet and Listener log files provide audit data useful to the discovery of suspicious behavior. The log files may contain usernames and passwords in clear text as well as other information that could aid a malicious user with unauthorized access attempts to the database. Generation and protection of these files helps support security monitoring efforts.

Remediation

Restrict access to the listener and sqlnet log files.

References

V-2612

Trace and Log Parameter Reference

Related Vulnerabilities

WordPress Plugin Theme Editor Arbitrary File Download (2.5)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6625)

WordPress Plugin W3 Total Cache Arbitrary File Disclosure (0.9.3)

WordPress Plugin Ghost Arbitrary File Download (0.5.5)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6612)

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure