Null Authentication Flaw in Oracle 9i Application Server 1.0.2.x
CVE-2002-0561

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Application Server Web Cache; Oracle8i; Application Server
Vendor: CVE Published:; 3 July 2002

What is CVE-2002-0561?

The PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x has been identified to utilize a default configuration that permits null authentication. This configuration enables remote attackers to exploit the system, gaining unauthorized privileges that allow them to modify Database Access Descriptor (DAD) settings. This vulnerability poses a serious risk as it can lead to unauthorized access and manipulation of critical application settings, compromising the security and integrity of the affected systems.

References

http://marc.info/?l=bugtraq&m=101301813117562&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/4292

vdb-entryx_refsource_BID

http://www.cert.org/advisories/CA-2002-08.html

third-party-advisoryx_refsource_CERT

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 3, 2002
Vulnerability Reserved
Jun 7, 2002