CVSS: 7.5EPSS: 85%CPEs: 9EXPL: 0CVE-2002-0561
https://notcve.org/view.php?id=CVE-2002-0561
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings. • http://marc.info/?l=bugtraq&m=101301813117562&w=2 http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/611776 http://www.nextgenss.com/papers/hpoas.pdf http://www.securityfocus.com/bid/4292 •
CVSS: 2.1EPSS: 93%CPEs: 5EXPL: 0CVE-2002-0568
https://notcve.org/view.php?id=CVE-2002-0568
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory. • http://marc.info/?l=bugtraq&m=101301813117562&w=2 http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/476619 http://www.nextgenss.com/papers/hpoas.pdf http://www.securityfocus.com/bid/4290 •
CVSS: 5.0EPSS: 1%CPEs: 9EXPL: 0CVE-2002-0566
https://notcve.org/view.php?id=CVE-2002-0566
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type. • http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/805915 http://www.securityfocus.com/bid/4037 https://exchange.xforce.ibmcloud.com/vulnerabilities/8099 •