Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.4
CVE Id CVE-2002-1632
Last Modified 05 Sep 2008 04:31:07
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1632

Summary

Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.

Vulnerable Systems

Application

  • Oracle Application Server 1.0.2

  • Oracle Application Server 1.0.2.1s

  • Oracle Application Server 1.0.2.2

  • Oracle Application Server 9.0.2.0.0

  • Oracle Application Server 9.0.2.0.1


References

CONFIRM - http://www.kb.cert.org/vuls/id/SVIM-576QLZ

CERT-VN - VU#717827

XF - oracle-appserver-info-sample(8665)

MISC - http://www.nextgenss.com/papers/hpoas.pdf

BID - 6556

CONFIRM - http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf


Last Updated: 27 May 2016 10:37:25