Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1089: Oracle Application Server vulnerability

4 documents, 4 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 14.8% (top 5.48%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Oct 4
Latest update: Apr 30

Description

rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

NVD: oracle/reports 6.0.8, 6.0.8.19 +1

🔴 Vulnerability Details (2)

GHSA
GHSA-r99q-5xx6-hfxw: rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers (2022-04-30)
CVEList
CVE-2002-1089: rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers (2002-08-31)

💥 Exploits & PoCs (1)

Exploit-DB
Oracle Reports Server 6.0.8/9.0.2 - Information Disclosure (2002-07-18)