CVE-2002-0564

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Application Server Web Cache; Oracle8i; Application Server
Vendor: CVE Published:; 3 July 2002

Summary

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.

References

http://marc.info/?l=bugtraq&m=101301813117562&w=2

mailing-listx_refsource_BUGTRAQ

http://www.cert.org/advisories/CA-2002-08.html

third-party-advisoryx_refsource_CERT

http://www.nextgenss.com/papers/hpoas.pdf

x_refsource_MISC

Timeline

Vulnerability published
Jul 3, 2002
Vulnerability Reserved
Jun 7, 2002