| Vulnerability Name: | CCN-3480 |
| Published: | 1999-11-10 |
| Updated: | 1999-11-10 |
| Summary: | The Oracle Application Server for Solaris contains a vulnerability in the server startup function. The server is owned by the user 'oracle' in most configurations. This includes the administrative utilities to start, stop, and manipulate the servers. Unprivileged users may not bind servers to ports below 1024. However, Oracle has made the 'owslctl' utility root, which allows normal users to start the server on privileged ports. Attackers may take advantage of this design to compromise super-user access. |
| CVSS v3 Severity: | |
| CVSS v2 Severity: | |
| Vulnerability Consequences: | Gain Access |
| References: | Source: CCN; Type: Internet Security Systems Security Alert #38; Multiple Root Compromise Vulnerabilities in Oracle Application Server. Source: XF; Type: UNKNOWN; oracle-appserver-owslctl(3480) |
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable |