Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.
References
| Link | Resource |
|---|---|
| http://marc.info/?l=bugtraq&m=101301813117562&w=2 | |
| http://www.cert.org/advisories/CA-2002-08.html | Patch Third Party Advisory US Government Resource |
| http://www.kb.cert.org/vuls/id/476619 | Patch Third Party Advisory US Government Resource |
| http://www.nextgenss.com/papers/hpoas.pdf | |
| http://www.securityfocus.com/bid/4290 | Vendor Advisory |
| http://marc.info/?l=bugtraq&m=101301813117562&w=2 | |
| http://www.cert.org/advisories/CA-2002-08.html | Patch Third Party Advisory US Government Resource |
| http://www.kb.cert.org/vuls/id/476619 | Patch Third Party Advisory US Government Resource |
| http://www.nextgenss.com/papers/hpoas.pdf | |
| http://www.securityfocus.com/bid/4290 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:39
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://marc.info/?l=bugtraq&m=101301813117562&w=2 - | |
| References | () http://www.cert.org/advisories/CA-2002-08.html - Patch, Third Party Advisory, US Government Resource | |
| References | () http://www.kb.cert.org/vuls/id/476619 - Patch, Third Party Advisory, US Government Resource | |
| References | () http://www.nextgenss.com/papers/hpoas.pdf - | |
| References | () http://www.securityfocus.com/bid/4290 - Vendor Advisory |
Information
Published : 2002-07-03 04:00
Updated : 2024-11-20 23:39
NVD link : CVE-2002-0568
Mitre link : CVE-2002-0568
CVE.ORG link : CVE-2002-0568
JSON object : View
Products Affected
oracle
- application_server
- oracle8i
- oracle9i
CWE