Vulnerability CVE-2002-1637

Vulnerability Name:

CVE-2002-1637

Assigned:

2002-02-26

Published:

2002-02-26

Updated:

2017-07-11

Summary:

Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

ALLOWS_OTHER_ACCESS

References:

Source: MITRE
Type: CNA
CVE-2002-1637

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#712723

Source: MISC
Type: UNKNOWN
http://www.nextgenss.com/papers/hpoas.pdf

Source: XF
Type: UNKNOWN
default-oracle-system(968)

Source: XF
Type: UNKNOWN
default-oracle-sys(969)

Source: XF
Type: UNKNOWN
default-oracle-scott(970)

Source: XF
Type: UNKNOWN
default-oracle-apps(971)

Source: XF
Type: UNKNOWN
default-oracle-applsys(972)

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:application_server:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK