Authentication Bypass in Oracle 9i Application Server by Remote Attackers
CVE-2002-0564

Currently unrated

Key Information:

Vendor: Oracle
CVE Published: 3 July 2002

What is CVE-2002-0564?

The PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server version 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD). By modifying the URL to reference an alternate DAD that already has valid credentials, an attacker can gain unauthorized access to the system, compromising database integrity and confidentiality. The issue shows why access to each DAD must be enforced on the server side rather than depending on which DAD the URL names.
