CVE-2002-1632

Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.kb.cert.org/vuls/id/717827	US Government Resource
http://www.kb.cert.org/vuls/id/SVIM-576QLZ	Patch US Government Resource
http://www.nextgenss.com/papers/hpoas.pdf	Patch
http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf
http://www.securityfocus.com/bid/6556
https://exchange.xforce.ibmcloud.com/vulnerabilities/8665

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:application_server:1.0.2:::::::*
	cpe:2.3:a:oracle:application_server:1.0.2.1s:::::::*
	cpe:2.3:a:oracle:application_server:1.0.2.2:::::::*
	cpe:2.3:a:oracle:application_server:9.0.2.0.0:::::::*
	cpe:2.3:a:oracle:application_server:9.0.2.0.1:::::::*

History

No history.

Information

Published : 2002-12-31 05:00

Updated : 2017-07-11 01:29

NVD link : CVE-2002-1632

Mitre link : CVE-2002-1632

CVE.ORG link : CVE-2002-1632

JSON object : View

Products Affected

oracle

application_server

CWE

NVD-CWE-Other

{"id": "CVE-2002-1632", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-12-31T05:00:00.000", "references": [{"url": "http://www.kb.cert.org/vuls/id/717827", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/SVIM-576QLZ", "tags": ["Patch", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.nextgenss.com/papers/hpoas.pdf", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/6556", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8665", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2."}], "lastModified": "2017-07-11T01:29:17.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F"}, {"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A6F28FD-6EAD-4EDD-B9A1-0B120D0F0919"}, {"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC4ED2EB-1E90-4E99-AAD6-5D838800F9B7"}, {"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9"}, {"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}