Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0562

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0562
Last Modified 05 Sep 2008 04:28:21
Published 03 Jul 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0562

Summary

The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.

Vulnerable Systems

Application

  • Oracle Application Server 1.0.2

  • Oracle Application Server Web Cache 2.0.0.0

  • Oracle Application Server Web Cache 2.0.0.1

  • Oracle Application Server Web Cache 2.0.0.2

  • Oracle Application Server Web Cache 2.0.0.3

  • Oracle9i 9.0

  • Oracle9i 9.0.1


References

CERT - CA-2002-08

CERT-VN - VU#698467

BID - 4034

CONFIRM - http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf

BUGTRAQ - 20020206 JSP translation file access under Oracle 9iAS


Last Updated: 27 May 2016 10:36:59