The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=101301440005580&w=2 | |
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | Patch Vendor Advisory |
http://www.cert.org/advisories/CA-2002-08.html | Patch Third Party Advisory US Government Resource |
http://www.kb.cert.org/vuls/id/698467 | US Government Resource |
http://www.securityfocus.com/bid/4034 | Patch Vendor Advisory |
http://marc.info/?l=bugtraq&m=101301440005580&w=2 | |
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | Patch Vendor Advisory |
http://www.cert.org/advisories/CA-2002-08.html | Patch Third Party Advisory US Government Resource |
http://www.kb.cert.org/vuls/id/698467 | US Government Resource |
http://www.securityfocus.com/bid/4034 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:39
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=101301440005580&w=2 - | |
References | () http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf - Patch, Vendor Advisory | |
References | () http://www.cert.org/advisories/CA-2002-08.html - Patch, Third Party Advisory, US Government Resource | |
References | () http://www.kb.cert.org/vuls/id/698467 - US Government Resource | |
References | () http://www.securityfocus.com/bid/4034 - Patch, Vendor Advisory |
Information
Published : 2002-07-03 04:00
Updated : 2024-11-20 23:39
NVD link : CVE-2002-0562
Mitre link : CVE-2002-0562
CVE.ORG link : CVE-2002-0562
JSON object : View
Products Affected
oracle
- oracle9i
- application_server_web_cache
- application_server
CWE