CVE-2002-0562

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Application Server Web Cache; Application Server
Vendor: CVE Published:; 3 July 2002

Summary

The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.

References

http://www.cert.org/advisories/CA-2002-08.html

third-party-advisoryx_refsource_CERT

http://www.kb.cert.org/vuls/id/698467

third-party-advisoryx_refsource_CERT-VN

http://otn.oracle.com/deploy/security/pdf/ias_modplsql_al...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 3, 2002
Vulnerability Reserved
Jun 7, 2002