Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1639

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1639
Last Modified 05 Sep 2008 04:31:08
Published 01 Apr 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1639

Summary

Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host".

Vulnerable Systems

Application

  • Oracle Configurator 11.5.6.16.53

  • Oracle Configurator 11.5.7.17.31

  • Oracle Configurator 11i


References

CERT-VN - VU#158323

CONFIRM - http://www.oracle.com/technology//deploy/security/htdocs/oconfigvul.html

SECTRACK - 1003967

XF - oracle-configurator-uiservlet-information(8782)

BID - 4433


Last Updated: 27 May 2016 10:37:26