CVE Vulnerabilities

CVE-2002-0568

Published: Jul 03, 2002 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.

Affected Software

Name Vendor Start Version End Version
Oracle9i Oracle 9.0.1 9.0.1
Oracle9i Oracle 9.0 9.0
Oracle8i Oracle 8.1.7.1 8.1.7.1
Oracle8i Oracle 8.1.7 8.1.7
Application_server Oracle 1.0.2 1.0.2

References