CVE Vulnerabilities

CVE-2002-0565

Published: Jul 03, 2002 | Modified: Dec 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.

Affected Software

Name Vendor Start Version End Version
Application_server Oracle 1.0.2 1.0.2
Application_server_web_cache Oracle 2.0.0.0 2.0.0.0
Application_server_web_cache Oracle 2.0.0.1 2.0.0.1
Application_server_web_cache Oracle 2.0.0.2 2.0.0.2
Application_server_web_cache Oracle 2.0.0.3 2.0.0.3
Oracle9i Oracle 9.0 9.0
Oracle9i Oracle 9.0.1 9.0.1

References