fkie_cve-2002-0103
Vulnerability from fkie_nvd
Published
2002-03-25 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=101041510727937&w=2
cve@mitre.orghttp://otn.oracle.com/deploy/security/pdf/webcache2.pdfPatch, Vendor Advisory
cve@mitre.orghttp://www.iss.net/security_center/static/7766.php
cve@mitre.orghttp://www.iss.net/security_center/static/7768.php
cve@mitre.orghttp://www.securityfocus.com/bid/3761
cve@mitre.orghttp://www.securityfocus.com/bid/3764
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=101041510727937&w=2
af854a3a-2127-422b-91ae-364da2661108http://otn.oracle.com/deploy/security/pdf/webcache2.pdfPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/7766.php
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/7768.php
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/3761
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/3764
Impacted products
Vendor Product Version
oracle application_server_web_cache 2.0.0.0
oracle application_server_web_cache 2.0.0.1
oracle application_server_web_cache 2.0.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C272DE0-3717-40D0-99A6-2B4108BF85A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4959B7CD-218F-47A3-A604-629B69E1905B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6659ECF3-D355-4357-BB15-DAFA427FCD12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml."
    },
    {
      "lang": "es",
      "value": "El programa de instalaci\u00f3n para el Oracle9i Web cache 2.0.0.x crea ejecutables y archivos de configuraci\u00f3n con permisos inseguros, que permiten a usuarios locales asignarse privilegios: (1) ejecutar webcache  y (2) obtener la contrase\u00f1a de administrador de webcache.xml."
    }
  ],
  "id": "CVE-2002-0103",
  "lastModified": "2024-11-20T23:38:19.060",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-03-25T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=101041510727937\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://otn.oracle.com/deploy/security/pdf/webcache2.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/7766.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/7768.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3761"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3764"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=101041510727937\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://otn.oracle.com/deploy/security/pdf/webcache2.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/7766.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/7768.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3761"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3764"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.