CVE-2002-0563

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Application Server Web Cache; Oracle8i; Application Server
Vendor: CVE Published:; 3 July 2002

Summary

The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.

References

http://www.securityfocus.com/bid/4293

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/8455

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=101301813117562&w=2

mailing-listx_refsource_BUGTRAQ

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 3, 2002
Vulnerability Reserved
Jun 7, 2002