CVE-2002-0568

Sažetak

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.

Reference

http://marc.info/?l=bugtraq&m=101301813117562&w=2
http://www.cert.org/advisories/CA-2002-08.html
http://www.kb.cert.org/vuls/id/476619
http://www.nextgenss.com/papers/hpoas.pdf
http://www.securityfocus.com/bid/4290

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

18-10-2016 - 02:20

Objavljeno

03-07-2002 - 04:00