Unauthorized Access Vulnerability in Oracle 9i Application Server
CVE-2002-0563

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Application Server Web Cache; Oracle8i; Application Server
Vendor: CVE Published:; 3 July 2002

What is CVE-2002-0563?

The default settings of Oracle 9i Application Server 1.0.2.x enable unvalidated remote access by anonymous users to several critical services. These include Dynamic Monitoring Services, such as dms0, dms/DMSDump, servlet/DMSDump, servlet/Spy, and various other important components, notably the Oracle Java Process Manager functionalities. Without proper authentication, this vulnerability can jeopardize security, allowing unauthorized control over Java processes and potentially leading to severe consequences for data integrity and application performance.

References

http://www.securityfocus.com/bid/4293

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/8455

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=101301813117562&w=2

mailing-listx_refsource_BUGTRAQ

EPSS Score

34% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2002
Vulnerability Reserved
Jun 7, 2002

JSON