CVE-2002-1632

Sažetak

Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.

Reference

http://www.kb.cert.org/vuls/id/717827
http://www.kb.cert.org/vuls/id/SVIM-576QLZ
http://www.nextgenss.com/papers/hpoas.pdf
http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf
http://www.securityfocus.com/bid/6556
https://exchange.xforce.ibmcloud.com/vulnerabilities/8665

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:29

Objavljeno

31-12-2002 - 05:00