CVE Vulnerabilities

CVE-2002-0564

Published: Jul 03, 2002 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.

Affected Software

Name Vendor Start Version End Version
Application_server Oracle 1.0.2 1.0.2
Application_server_web_cache Oracle 2.0.0.0 2.0.0.0
Application_server_web_cache Oracle 2.0.0.1 2.0.0.1
Application_server_web_cache Oracle 2.0.0.2 2.0.0.2
Application_server_web_cache Oracle 2.0.0.3 2.0.0.3
Oracle8i Oracle 8.1.7 8.1.7
Oracle8i Oracle 8.1.7.1 8.1.7.1
Oracle9i Oracle 9.0 9.0
Oracle9i Oracle 9.0.1 9.0.1

References