Vulnerability Description
An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Application Server Web Cache | 2.0.0.0 |
References
- http://marc.info/?l=bugtraq&m=101041510727937&w=2
- http://otn.oracle.com/deploy/security/pdf/webcache2.pdfPatchVendor Advisory
- http://www.iss.net/security_center/static/7766.php
- http://www.iss.net/security_center/static/7768.php
- http://www.securityfocus.com/bid/3761
- http://www.securityfocus.com/bid/3764
- http://marc.info/?l=bugtraq&m=101041510727937&w=2
- http://otn.oracle.com/deploy/security/pdf/webcache2.pdfPatchVendor Advisory
- http://www.iss.net/security_center/static/7766.php
- http://www.iss.net/security_center/static/7768.php
- http://www.securityfocus.com/bid/3761
- http://www.securityfocus.com/bid/3764
FAQ
What is CVE-2002-0103?
CVE-2002-0103 is a vulnerability with a CVSS score of 4.6 (MEDIUM). An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) ...
How severe is CVE-2002-0103?
CVE-2002-0103 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0103?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Application Server Web Cache.