Vulnerability Description
Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Application Server | 1.0.2 |
References
- http://www.kb.cert.org/vuls/id/717827US Government Resource
- http://www.kb.cert.org/vuls/id/SVIM-576QLZPatchUS Government Resource
- http://www.nextgenss.com/papers/hpoas.pdfPatch
- http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf
- http://www.securityfocus.com/bid/6556
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8665
- http://www.kb.cert.org/vuls/id/717827US Government Resource
- http://www.kb.cert.org/vuls/id/SVIM-576QLZPatchUS Government Resource
- http://www.nextgenss.com/papers/hpoas.pdfPatch
- http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf
- http://www.securityfocus.com/bid/6556
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8665
FAQ
What is CVE-2002-1632?
CVE-2002-1632 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo,...
How severe is CVE-2002-1632?
CVE-2002-1632 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1632?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Application Server.