Lucene search

[email protected]CVE-2001-0326

HistoryMay 03, 2001 - 4:00 a.m.

CVE-2001-0326

2001-05-0304:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

oracle

java virtual machine

jvm

security vulnerability

oracle 8.1.7

oracle application server 9ias

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.8%

JSON

Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.

CPENameOperatorVersion
oracle:application_serveroracle application servereqrelease_1.0.2.0.1
oracle:oracle8ioracle oracle8ieq8.1.7_r3

CPE	Name	Operator	Version
oracle:application_server	oracle application server	eq	release_1.0.2.0.1
oracle:oracle8i	oracle oracle8i	eq	8.1.7_r3

References

archives.neohapsis.com/archives/bugtraq/2001-02/0255.html

www.osvdb.org/5706

exchange.xforce.ibmcloud.com/vulnerabilities/6438

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.8%

JSON

Related for CVE-2001-0326

nessus1