Directory Permission Vulnerability in Oracle 9iAS by Oracle
CVE-2002-0565

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Application Server Web Cache; Application Server
Vendor: CVE Published:; 3 July 2002

What is CVE-2002-0565?

The Oracle 9iAS product has a vulnerability where JSP files located in the _pages directory are compiled with world-readable permissions. This misconfiguration allows remote attackers to leverage direct HTTP requests to access sensitive information embedded within the JSP code. Consequently, attackers can potentially harvest critical data such as usernames and passwords, posing significant risks to both individual privacy and organizational security.

References

http://www.cert.org/advisories/CA-2002-08.html

third-party-advisoryx_refsource_CERT

http://otn.oracle.com/deploy/security/pdf/ias_modplsql_al...

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/547459

third-party-advisoryx_refsource_CERT-VN

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 3, 2002
Vulnerability Reserved
Jun 7, 2002