The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=101301440005580&w=2 | |
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | Patch Vendor Advisory |
http://www.cert.org/advisories/CA-2002-08.html | Patch Third Party Advisory US Government Resource |
http://www.kb.cert.org/vuls/id/698467 | US Government Resource |
http://www.securityfocus.com/bid/4034 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2002-06-11T04:00:00
Updated: 2016-10-17T13:57:01
Reserved: 2002-06-07T00:00:00
Link: CVE-2002-0562
JSON object: View
NVD Information
Status : Modified
Published: 2002-07-03T04:00:00.000
Modified: 2016-10-18T02:20:37.463
Link: CVE-2002-0562
JSON object: View
Redhat Information
No data.
CWE