Information Disclosure in Oracle Configurator by Oracle
CVE-2002-1639

Currently unrated

Key Information:

Vendor: Oracle
Status: Configurator
Vendor: CVE Published:; 1 April 2002

What is CVE-2002-1639?

Oracle Configurator before specific versions allows remote attackers to gain access to sensitive information. This occurs through a crafted request to the oracle.apps.cz.servlet.UiServlet servlet with parameters set to 'version' or 'host'. As a consequence, attackers can exploit this flaw to retrieve critical information that may aid in further attacks.

References

http://www.securityfocus.com/bid/4433

vdb-entryx_refsource_BID

http://www.kb.cert.org/vuls/id/158323

third-party-advisoryx_refsource_CERT-VN

http://securitytracker.com/id?1003967

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability Reserved
Mar 28, 2005
Vulnerability published
Apr 1, 2002