CVE-2002-0565

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Application Server Web Cache; Application Server
Vendor: CVE Published:; 3 July 2002

Summary

Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.

References

http://www.cert.org/advisories/CA-2002-08.html

third-party-advisoryx_refsource_CERT

http://otn.oracle.com/deploy/security/pdf/ias_modplsql_al...

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/547459

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Jul 3, 2002
Vulnerability Reserved
Jun 7, 2002