Lucene search

[email protected]CVE-2002-1632

HistoryDec 31, 2002 - 5:00 a.m.

CVE-2002-1632

2002-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

oracle

9i application server

9ias

security vulnerability

cve-2002-1632

nvd

6.2 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

78.8%

JSON

Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.

CPENameOperatorVersion
oracle:application_serveroracle application servereq9.0.2.0.0
oracle:application_serveroracle application servereq9.0.2.0.1
oracle:application_serveroracle application servereq1.0.2.1s
oracle:application_serveroracle application servereq1.0.2.2
oracle:application_serveroracle application servereq1.0.2

CPE	Name	Operator	Version
oracle:application_server	oracle application server	eq	9.0.2.0.0
oracle:application_server	oracle application server	eq	9.0.2.0.1
oracle:application_server	oracle application server	eq	1.0.2.1s
oracle:application_server	oracle application server	eq	1.0.2.2
oracle:application_server	oracle application server	eq	1.0.2

References

www.kb.cert.org/vuls/id/717827

www.kb.cert.org/vuls/id/SVIM-576QLZ

www.nextgenss.com/papers/hpoas.pdf

www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf

www.securityfocus.com/bid/6556

exchange.xforce.ibmcloud.com/vulnerabilities/8665

6.2 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

78.8%

JSON

Related for CVE-2002-1632

openvas2 nessus1