CVE-2002-0568 — Oracle Application Server vulnerability

3 documents3 sources

Severity

2.1LOWNVD

EPSS

4.8%

top 10.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Server Oracle Oracle8i Oracle Oracle9i

Timeline

PublishedJul 3

Latest updateApr 30

Description

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDoracle/application_server1.0.2

▶NVDoracle/oracle8i8.1.7, 8.1.7.1+1

▶NVDoracle/oracle9i9.0, 9.0.1+1

Patches

Patch: www.cert.org ↗Patch: www.kb.cert.org ↗Patch: www.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-j27p-39pg-jfmj: Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including u↗2022-04-30

▶

CVEList

CVE-2002-0568: Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including u↗2002-06-11

▶