Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0169Oracle Application Server vulnerability

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
19.3%
top 4.63%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Oracle Application Server
Timeline
PublishedMar 15
Latest updateApr 30

Description

Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-j2cp-x56j-p654: Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'2022-04-30
CVEList
CVE-2000-0169: Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'2000-06-02

💥Exploits & PoCs

1
Exploit-DB
Oracle Web Listener 4.0.x - for NT Batch File2000-03-15
CVE-2000-0169 — Oracle Application Server vulnerability | cvebase