CVE-2002-0562

3 documents3 sources

Severity

5.0MEDIUM

EPSS

3.6%

top 12.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Server Oracle Application Server WEB Cache Oracle Oracle9i

Timeline

PublishedJul 3

Latest updateApr 30

Description

The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDoracle/application_server1.0.2

▶NVDoracle/application4 versions+3

▶NVDoracle/oracle9i9.0, 9.0.1+1

Patches

Patch: otn.oracle.com ↗Patch: www.cert.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mj37-xm24-6549: The default configuration of Oracle 9i Application Server 1↗2022-04-30

▶

CVEList

CVE-2002-0562: The default configuration of Oracle 9i Application Server 1↗2002-06-11

▶