| VID |
25159 |
| Severity |
40 |
| Port |
1521, ... |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The ORACLE server on the host system sets application account's role or DBA account's role to Public. If application account's role or DBA account's role is set to Public, General account also can access application table or DBA table.
* Platforms Affected:
UNIX any version
Linux any version
Microsoft Windows any version |
| Recommendation |
Revoke public group's authority as following.
SQL> revoke (role_name) from public; |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
