CVE-2001-0300

3 documents3 sources
Severity
2.1LOW
EPSS
0.6%
top 30.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Internet Directory
Timeline
PublishedJun 2
Latest updateApr 30

Description

oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: archives.neohapsis.comPatch: archives.neohapsis.com

🔴Vulnerability Details

2
GHSA
GHSA-ppp2-whvv-q4qx: oidldapd 22022-04-30
CVEList
CVE-2001-0300: oidldapd 22001-04-04
CVE-2001-0300 (LOW CVSS 2.1) | oidldapd 2.1.1.1 in Oracle 8.1.7 re | cvebase.io