Vulnerability Name: CVE-2002-1632 (CCN-8665)
Assigned: 2002-01-10
Published: 2002-01-10
Updated: 2017-07-11
Summary: Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2002-1631
  Source: MITRE Type: CNA CVE-2002-1632
  Source: CCN Type: Oracle Security Alert #28 Vulnerabilities in Oracle mod_plsql and JSP in Oracle9i Application Server, v1.0.2.x
  Source: CCN Type: US-CERT VU#717827 Multiple Oracle 9iAS sample pages contain vulnerabilities
  Source: CERT-VN Type: US Government Resource VU#717827
  Source: CONFIRM Type: Patch, US Government Resource http://www.kb.cert.org/vuls/id/SVIM-576QLZ
  Source: CCN Type: NGSSoftware Insight Security Research Paper Hackproofing Oracle Application Server
  Source: MISC Type: Patch http://www.nextgenss.com/papers/hpoas.pdf
  Source: CONFIRM Type: UNKNOWN http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf
  Source: CCN Type: OSVDB ID: 18215 Oracle 9iAS info.jsp Sample Application Information Disclosure
  Source: CCN Type: OSVDB ID: 18216 Oracle 9iAS printenv Sample Application Information Disclosure
  Source: CCN Type: OSVDB ID: 18217 Oracle 9iAS echo Sample Application Information Disclosure
  Source: CCN Type: OSVDB ID: 18218 Oracle 9iAS echo2 Sample Application Information Disclosure
  Source: CCN Type: OSVDB ID: 509 Oracle XSQL query.xsql sql Parameter SQL Injection
  Source: BID Type: UNKNOWN 6556
  Source: CCN Type: BID-6556 Oracle 9i Application Server Sample Scripts Information Disclosure Vulnerability
  Source: XF Type: UNKNOWN oracle-appserver-info-sample(8665)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable