Vulnerability Name:

CVE-2002-0103 (CCN-7766)

Assigned:2001-12-28
Published:2001-12-28
Updated:2016-10-18
Summary:An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: BugTraq Mailing List, Mon Jan 07 2002 - 07:50:28 CST
[PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache

Source: MITRE
Type: CNA
CVE-2002-0103

Source: BUGTRAQ
Type: UNKNOWN
20020107 [PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache

Source: CCN
Type: Oracle Security Alert #27
Vulnerabilities in Orcale9i Application Server Web Cache

Source: CONFIRM
Type: Patch, Vendor Advisory
http://otn.oracle.com/deploy/security/pdf/webcache2.pdf

Source: XF
Type: UNKNOWN
oracle-appserver-webcached-privileges(7766)

Source: XF
Type: UNKNOWN
oracle-appserver-webcache-password(7768)

Source: BID
Type: UNKNOWN
3761

Source: CCN
Type: BID-3761
Oracle9iAS Web Cache Privilege Escalation Vulnerability

Source: BID
Type: UNKNOWN
3764

Source: CCN
Type: BID-3764
Oracle Oracle9iAS Web Cache World Readable Password File Vulnerability

Source: XF
Type: UNKNOWN
oracle-appserver-webcached-privileges(7766)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2002-0103 (CCN-7768)

    Assigned:2001-12-28
    Published:2001-12-28
    Updated:2016-10-18
    Summary:An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml.
    CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
    Exploitability Metrics:Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): None
    Availibility (A): None
    CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): None
    Availibility (A): None
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Obtain Information
    References:Source: CCN
    Type: BugTraq Mailing List, Mon Jan 07 2002 - 07:50:28 CST
    [PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache

    Source: MITRE
    Type: CNA
    CVE-2002-0103

    Source: CCN
    Type: Oracle Security Alert #27
    Vulnerabilities in Orcale9i Application Server Web Cache

    Source: CCN
    Type: BID-3761
    Oracle9iAS Web Cache Privilege Escalation Vulnerability

    Source: CCN
    Type: BID-3764
    Oracle Oracle9iAS Web Cache World Readable Password File Vulnerability

    Source: XF
    Type: UNKNOWN
    oracle-appserver-webcache-password(7768)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    oracle application server web cache 2.0.0.0
    oracle application server web cache 2.0.0.1
    oracle application server web cache 2.0.0.2
    oracle application server web cache 2.0.0.1
    oracle application server web cache 2.0.0.0
    oracle application server web cache 2.0.0.2
    oracle application server web cache 2.0.0.1
    oracle application server web cache 2.0.0.0
    oracle application server web cache 2.0.0.2