CVE-2002-1858

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2002-1858
Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://online.securityfocus.com/archive/1/279582
http://otn.oracle.com/deploy/security/pdf/2002alert47rev1.pdf Patch
http://www.iss.net/security_center/static/9446.php Patch
http://www.securityfocus.com/bid/5119 Patch
http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt Patch Vendor Advisory
http://online.securityfocus.com/archive/1/279582
http://otn.oracle.com/deploy/security/pdf/2002alert47rev1.pdf Patch
http://www.iss.net/security_center/static/9446.php Patch
http://www.securityfocus.com/bid/5119 Patch
http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*
History

20 Nov 2024, 23:42

Type Values Removed Values Added
References () http://online.securityfocus.com/archive/1/279582 - () http://online.securityfocus.com/archive/1/279582 -
References () http://otn.oracle.com/deploy/security/pdf/2002alert47rev1.pdf - Patch () http://otn.oracle.com/deploy/security/pdf/2002alert47rev1.pdf - Patch
References () http://www.iss.net/security_center/static/9446.php - Patch () http://www.iss.net/security_center/static/9446.php - Patch
References () http://www.securityfocus.com/bid/5119 - Patch () http://www.securityfocus.com/bid/5119 - Patch
References () http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt - Patch, Vendor Advisory () http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt - Patch, Vendor Advisory
Information

Published : 2002-12-31 05:00

Updated : 2024-11-20 23:42

NVD link : CVE-2002-1858

Mitre link : CVE-2002-1858

CVE.ORG link : CVE-2002-1858

JSON object : View

Products Affected

oracle

  • application_server
CWE
NVD-CWE-Other