CVE-2002-0568 | Vulnerability Database | Aqua Security

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.

Affected Software

Name	Vendor	Start Version	End Version
Application_server	Oracle	1.0.2 (including)	1.0.2 (including)
Oracle8i	Oracle	8.1.7 (including)	8.1.7 (including)
Oracle8i	Oracle	8.1.7.1 (including)	8.1.7.1 (including)
Oracle9i	Oracle	9.0 (including)	9.0 (including)
Oracle9i	Oracle	9.0.1 (including)	9.0.1 (including)

References

http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2
http://www.cert.org/advisories/CA-2002-08.html
http://www.kb.cert.org/vuls/id/476619
http://www.nextgenss.com/papers/hpoas.pdf
http://www.securityfocus.com/bid/4290
http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2
http://www.cert.org/advisories/CA-2002-08.html
http://www.kb.cert.org/vuls/id/476619
http://www.nextgenss.com/papers/hpoas.pdf
http://www.securityfocus.com/bid/4290

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-0568
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html