Lucene search

[email protected]CVE-2002-2345

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2002-2345

2022-10-0316:23:49

CWE-255

[email protected]

web.nvd.nist.gov

oracle

application server

9.0.2

plaintext

web cache

password

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.4 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.8%

JSON

Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.

Affected configurations

NVD

Node

oracleapplication_serverMatch9.0.2

CPENameOperatorVersion
oracle:application_serveroracle application servereq9.0.2

CPE	Name	Operator	Version
oracle:application_server	oracle application server	eq	9.0.2

References

otn.oracle.com/deploy/security/pdf/2002alert39rev1.pdf

www.iss.net/security_center/static/9841.php

www.securityfocus.com/bid/7395

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.4 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.8%

JSON

Related for CVE-2002-2345

nvd1 cvelist1 nessus1