Remote Information Disclosure in Oracle 9i Application Server by Oracle
CVE-2002-0562

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Application Server Web Cache; Application Server
Vendor: CVE Published:; 3 July 2002

What is CVE-2002-0562?

Oracle 9i Application Server version 1.0.2.x is susceptible to a vulnerability due to its default configuration where sensitive files, including globals.jsa, are stored under the web root directory. This misconfiguration allows remote attackers to access this file via HTTP requests, potentially exposing critical information such as usernames and passwords. Organizations using this version of the software should implement strict access controls and review their configuration settings to mitigate the risk of unauthorized data exposure.

References

http://www.cert.org/advisories/CA-2002-08.html

third-party-advisoryx_refsource_CERT

http://www.kb.cert.org/vuls/id/698467

third-party-advisoryx_refsource_CERT-VN

http://otn.oracle.com/deploy/security/pdf/ias_modplsql_al...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 3, 2002
Vulnerability Reserved
Jun 7, 2002