CVE-2002-0562 (GCVE-0-2002-0562)
Vulnerability from cvelistv5 – Published: 2002-06-11 04:00 – Updated: 2024-08-08 02:56
VLAI?
Summary
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#698467",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/698467"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4034",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4034"
},
{
"name": "20020206 JSP translation file access under Oracle 9iAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#698467",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/698467"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4034",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4034"
},
{
"name": "20020206 JSP translation file access under Oracle 9iAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#698467",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/698467"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4034"
},
{
"name": "20020206 JSP translation file access under Oracle 9iAS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0562",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC62E1B2-6964-4459-A1EF-A6A087C2960F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C272DE0-3717-40D0-99A6-2B4108BF85A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4959B7CD-218F-47A3-A604-629B69E1905B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6659ECF3-D355-4357-BB15-DAFA427FCD12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B34A419-42C2-44FC-84C7-65699BA07120\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C2720EA-55FB-40B1-BE58-3E16628DA248\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9BB176D-7A94-4A91-89FC-9971E19FF7C6\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.\"}]",
"id": "CVE-2002-0562",
"lastModified": "2024-11-20T23:39:22.360",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2002-07-03T04:00:00.000",
"references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.cert.org/advisories/CA-2002-08.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/698467\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/4034\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.cert.org/advisories/CA-2002-08.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/698467\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/4034\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2002-0562\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2002-07-03T04:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC62E1B2-6964-4459-A1EF-A6A087C2960F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C272DE0-3717-40D0-99A6-2B4108BF85A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4959B7CD-218F-47A3-A604-629B69E1905B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6659ECF3-D355-4357-BB15-DAFA427FCD12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B34A419-42C2-44FC-84C7-65699BA07120\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C2720EA-55FB-40B1-BE58-3E16628DA248\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9BB176D-7A94-4A91-89FC-9971E19FF7C6\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.cert.org/advisories/CA-2002-08.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/698467\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/4034\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=101301440005580\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.cert.org/advisories/CA-2002-08.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/698467\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/4034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…