Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2002-0562

The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.

Published

2002-07-03T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oracle	application_server	1.0.2	Yes
Application	oracle	application_server_web_cache	2.0.0.0	Yes
Application	oracle	application_server_web_cache	2.0.0.1	Yes
Application	oracle	application_server_web_cache	2.0.0.2	Yes
Application	oracle	application_server_web_cache	2.0.0.3	Yes
Application	oracle	oracle9i	9.0	Yes
Application	oracle	oracle9i	9.0.1	Yes

References

http://marc.info/?l=bugtraq&m=101301440005580&w=2 ([email protected])
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf Patch, Vendor Advisory ([email protected])
http://www.cert.org/advisories/CA-2002-08.html Patch, Third Party Advisory, US Government Resource ([email protected])
http://www.kb.cert.org/vuls/id/698467 US Government Resource ([email protected])
http://www.securityfocus.com/bid/4034 Patch, Vendor Advisory ([email protected])
http://marc.info/?l=bugtraq&m=101301440005580&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.cert.org/advisories/CA-2002-08.html Patch, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/698467 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/4034 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)