CVE-2002-1858 — Path Equivalence: 'filename.' (Trailing Dot) in Oracle Application Server

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 41.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Server

Timeline

PublishedDec 31

Latest updateApr 30

Description

Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDoracle/application_server4 versions+3

Patches

Patch: otn.oracle.com ↗Patch: www.iss.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-f5r8-hh53-9mq4: Oracle Oracle9i Application Server 1↗2022-04-30

▶

CVEList

CVE-2002-1858: Oracle Oracle9i Application Server 1↗2005-06-28

▶