CVE-2002-0569 — Oracle Application Server vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

2.2%

top 15.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Server

Timeline

PublishedJul 3

Latest updateApr 30

Description

Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet).

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDoracle/application_server1.0.2

Patches

Patch: www.cert.org ↗Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-g3xm-75qj-2vf8: Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (X↗2022-04-30

▶

CVEList

CVE-2002-0569: Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (X↗2003-04-02

▶