CVE-2002-1632 — Oracle Application Server vulnerability

3 documents3 sources

Severity

6.4MEDIUMNVD

EPSS

1.4%

top 19.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Server

Timeline

PublishedDec 31

Latest updateApr 30

Description

Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDoracle/application_server5 versions+4

Patches

Patch: www.kb.cert.org ↗Patch: www.nextgenss.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-9q5p-xwx7-2xf5: Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive inf↗2022-04-30

▶

CVEList

CVE-2002-1632: Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive inf↗2005-03-26

▶