CVE-1999-1125 — Oracle Http Server vulnerability

4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

0.9%

top 23.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Http Server

Timeline

PublishedSep 19

Latest updateApr 17

Description

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/http_server2.1+1

🔴Vulnerability Details

VulDB

Oracle Webserver 1.0/2.1 Permission privileges management↗2026-04-17

▶

GHSA

GHSA-59f3-q6cq-qcpj: Oracle Webserver 2↗2022-04-30

▶

CVEList

CVE-1999-1125: Oracle Webserver 2↗2001-09-12

▶