Vulnerability Description
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Application Server | 1.0.2 |
| Oracle | Application Server Web Cache | 2.0.0.0 |
| Oracle | Oracle9I | 9.0 |
References
- http://marc.info/?l=bugtraq&m=101301440005580&w=2
- http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdfPatchVendor Advisory
- http://www.cert.org/advisories/CA-2002-08.htmlPatchThird Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/698467US Government Resource
- http://www.securityfocus.com/bid/4034PatchVendor Advisory
- http://marc.info/?l=bugtraq&m=101301440005580&w=2
- http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdfPatchVendor Advisory
- http://www.cert.org/advisories/CA-2002-08.htmlPatchThird Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/698467US Government Resource
- http://www.securityfocus.com/bid/4034PatchVendor Advisory
FAQ
What is CVE-2002-0562?
CVE-2002-0562 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information includ...
How severe is CVE-2002-0562?
CVE-2002-0562 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0562?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Application Server, Oracle Application Server Web Cache, Oracle Oracle9I.