CVE-2002-0103

5 documents5 sources
Severity
4.6MEDIUM
EPSS
0.1%
top 76.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Application Server WEB Cache
Timeline
PublishedMar 25
Latest updateApr 30

Description

An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

NVDoracle/application2.0.0.0, 2.0.0.1, 2.0.0.2+2

Patches

Patch: otn.oracle.comPatch: otn.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-f3jp-grwv-3275: An installer program for Oracle9iAS Web Cache 22022-04-30
CVEList
CVE-2002-0103: An installer program for Oracle9iAS Web Cache 22002-03-15

📋Vendor Advisories

1
Red Hat
krb5: UDP ping-pong flaw in kpasswd2002-06-16
CVE-2002-0103 (MEDIUM CVSS 4.6) | An installer program for Oracle9iAS | cvebase.io