CVSS: 5.0EPSS: 78%CPEs: 7EXPL: 0CVE-2002-0562
https://notcve.org/view.php?id=CVE-2002-0562
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. • http://marc.info/?l=bugtraq&m=101301440005580&w=2 http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/698467 http://www.securityfocus.com/bid/4034 •
CVSS: 7.5EPSS: 85%CPEs: 9EXPL: 0CVE-2002-0561
https://notcve.org/view.php?id=CVE-2002-0561
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings. • http://marc.info/?l=bugtraq&m=101301813117562&w=2 http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/611776 http://www.nextgenss.com/papers/hpoas.pdf http://www.securityfocus.com/bid/4292 •
CVSS: 5.0EPSS: 1%CPEs: 9EXPL: 0CVE-2002-0566
https://notcve.org/view.php?id=CVE-2002-0566
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type. • http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/805915 http://www.securityfocus.com/bid/4037 https://exchange.xforce.ibmcloud.com/vulnerabilities/8099 •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2002-1641
https://notcve.org/view.php?id=CVE-2002-1641
Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors. • http://www.kb.cert.org/vuls/id/291555 http://www.nextgenss.com/vna/ora-webcache.txt http://www.securityfocus.com/bid/4856 •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2002-0103
https://notcve.org/view.php?id=CVE-2002-0103
An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml. El programa de instalación para el Oracle9i Web cache 2.0.0.x crea ejecutables y archivos de configuración con permisos inseguros, que permiten a usuarios locales asignarse privilegios: (1) ejecutar webcache y (2) obtener la contraseña de administrador de webcache.xml. • http://marc.info/?l=bugtraq&m=101041510727937&w=2 http://otn.oracle.com/deploy/security/pdf/webcache2.pdf http://www.iss.net/security_center/static/7766.php http://www.iss.net/security_center/static/7768.php http://www.securityfocus.com/bid/3761 http://www.securityfocus.com/bid/3764 •