Vulnerability Description
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Application Server | 1.0.2 |
| Oracle | Oracle8I | 8.1.7 |
| Oracle | Oracle9I | 9.0 |
References
- http://marc.info/?l=bugtraq&m=101301813117562&w=2
- http://www.cert.org/advisories/CA-2002-08.htmlPatchThird Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/476619PatchThird Party AdvisoryUS Government Resource
- http://www.nextgenss.com/papers/hpoas.pdf
- http://www.securityfocus.com/bid/4290Vendor Advisory
- http://marc.info/?l=bugtraq&m=101301813117562&w=2
- http://www.cert.org/advisories/CA-2002-08.htmlPatchThird Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/476619PatchThird Party AdvisoryUS Government Resource
- http://www.nextgenss.com/papers/hpoas.pdf
- http://www.securityfocus.com/bid/4290Vendor Advisory
FAQ
What is CVE-2002-0568?
CVE-2002-0568 is a vulnerability with a CVSS score of 2.1 (LOW). Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfi...
How severe is CVE-2002-0568?
CVE-2002-0568 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0568?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Application Server, Oracle Oracle8I, Oracle Oracle9I.