Insecure Temporary File Handling in Oracle Forms by Oracle
CVE-2005-2294

Currently unrated

Key Information:

Vendor: Oracle
Status: Forms
Vendor: CVE Published:; 18 July 2005

What is CVE-2005-2294?

In certain versions of Oracle Forms, a significant security vulnerability exists where retrieved records are stored in a temporary file with permissions that allow local users to read this file. This world-readable temporary file can expose sensitive information, including credit card numbers and other personal data. As a result, unauthorized users can potentially gain access to confidential information stored within Oracle Forms, creating a significant risk for data security.

References

http://www.red-database-security.com/advisory/oracle_form...

x_refsource_MISC

http://marc.info/?l=bugtraq&m=112129398711846&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/15991/

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 18, 2005
Vulnerability Reserved
Jul 17, 2005