Vulnerability Name: | CVE-2002-0103 (CCN-7766) | ||||||||
Assigned: | 2001-12-28 | ||||||||
Published: | 2001-12-28 | ||||||||
Updated: | 2016-10-18 | ||||||||
Summary: | An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml. | ||||||||
CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Mon Jan 07 2002 - 07:50:28 CST [PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache Source: MITRE Type: CNA CVE-2002-0103 Source: BUGTRAQ Type: UNKNOWN 20020107 [PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache Source: CCN Type: Oracle Security Alert #27 Vulnerabilities in Orcale9i Application Server Web Cache Source: CONFIRM Type: Patch, Vendor Advisory http://otn.oracle.com/deploy/security/pdf/webcache2.pdf Source: XF Type: UNKNOWN oracle-appserver-webcached-privileges(7766) Source: XF Type: UNKNOWN oracle-appserver-webcache-password(7768) Source: BID Type: UNKNOWN 3761 Source: CCN Type: BID-3761 Oracle9iAS Web Cache Privilege Escalation Vulnerability Source: BID Type: UNKNOWN 3764 Source: CCN Type: BID-3764 Oracle Oracle9iAS Web Cache World Readable Password File Vulnerability Source: XF Type: UNKNOWN oracle-appserver-webcached-privileges(7766) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Vulnerability Name: | CVE-2002-0103 (CCN-7768) | ||||||||
Assigned: | 2001-12-28 | ||||||||
Published: | 2001-12-28 | ||||||||
Updated: | 2016-10-18 | ||||||||
Summary: | An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml. | ||||||||
CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Obtain Information | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Mon Jan 07 2002 - 07:50:28 CST [PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache Source: MITRE Type: CNA CVE-2002-0103 Source: CCN Type: Oracle Security Alert #27 Vulnerabilities in Orcale9i Application Server Web Cache Source: CCN Type: BID-3761 Oracle9iAS Web Cache Privilege Escalation Vulnerability Source: CCN Type: BID-3764 Oracle Oracle9iAS Web Cache World Readable Password File Vulnerability Source: XF Type: UNKNOWN oracle-appserver-webcache-password(7768) | ||||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |