Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1125

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-1999-1125
Last Modified 10 Sep 2008 03:01:09
Published 19 Sep 1997 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-1999-1125

Summary

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.

Vulnerable Systems

Application

  • Oracle Http Server 1.0

  • Oracle Http Server 2.1


References

BUGTRAQ - 19970919 Instresting practises of Oracle [Oracle Webserver]


Last Updated: 27 May 2016 10:35:17