CVE: CVE-2002-1632 - CVE-Search

CVE Details for CVE: CVE-2002-1632

Summary

Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.

Timestamps
Last major update	11-07-2017 - 01:29
Published	31-12-2002 - 05:00
Last modified	11-07-2017 - 01:29

References

Vulnerable Configurations

cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

NVD-CWE-Other

CVSS

Base

6.4

Impact

4.9

Exploitability

10.0

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

CVSS3

None

VIA4 references

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:N

refmap via4

bid	6556
cert-vn	VU#717827
confirm	http://www.kb.cert.org/vuls/id/SVIM-576QLZ http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf
misc	http://www.nextgenss.com/papers/hpoas.pdf
xf	oracle-appserver-info-sample(8665)