Lucene search

[email protected]CVE-1999-1125

HistorySep 19, 1997 - 4:00 a.m.

CVE-1999-1125

1997-09-1904:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

oracle webserver 2.1

security vulnerability

privilege escalation

file modification.

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.2%

JSON

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.

CPENameOperatorVersion
oracle:http_serveroracle http serverle2.1
oracle:http_serveroracle http servereq1.0

CPE	Name	Operator	Version
oracle:http_server	oracle http server	le	2.1
oracle:http_server	oracle http server	eq	1.0

References

marc.info/?l=bugtraq&m=87602880019796&w=2

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.2%

JSON

Related for CVE-1999-1125

cvelist1