Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 03/07/2002 Updated: 11/07/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle application server 1.0.2
oracle oracle9i 9.0
oracle oracle9i 9.0.1
oracle application server web cache 2.0.0.0
oracle application server web cache 2.0.0.1
oracle oracle8i 8.1.7
oracle oracle8i 8.1.7_.1
oracle application server web cache 2.0.0.2
oracle application server web cache 2.0.0.3

CWE-287 http://www.cert.org/advisories/CA-2002-08.html http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.securityfocus.com/bid/4293 http://www.kb.cert.org/vuls/id/168795 http://www.nextgenss.com/papers/hpoas.pdf http://www.appsecinc.com/Policy/PolicyCheck7024.html http://www.osvdb.org/705 http://www.osvdb.org/13152 http://securitytracker.com/id?1009167 http://marc.info/?l=bugtraq&m=101301813117562&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/8455 https://nvd.nist.gov https://www.kb.cert.org/vuls/id/168795

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2002-0563

Vulnerability Summary

References

Vulmon Search

About

Products

Connect