Executive Summary

Informations
Name CVE-2002-0568 First vendor Publication 2002-07-03
Vendor Cve Last vendor Modification 2016-10-18

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 2.1 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0568

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 2
Application 2

OpenVAS Exploits

Date Description
2005-11-03 Name : Oracle XSQLServlet XSQLConfig.xml File
File : nvt/oracle9i_XSQLServlet_XSQLConfig.nasl
2005-11-03 Name : Oracle 9iAS SOAP configuration file retrieval
File : nvt/oracle9i_soapconfig.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
3423 Oracle Application Server XSQLServlet XSQLConfig.xml Authentication Credentia...

Oracle Application Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker accesses XSQLConfig.xml, which will disclose sensitive server information resulting in a loss of confidentiality.
3411 Oracle Application Server XSQLServlet soapConfig.xml Authentication Credentia...

Oracle 9i Application Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker accesses soapConfig.xml, which will disclose sensitive server information resulting in a loss of confidentiality.

Snort® IPS/IDS

Date Description
2014-01-10 Oracle XSQLConfig.xml access
RuleID : 1871-community - Revision : 12 - Type : SERVER-WEBAPP
2014-01-10 Oracle XSQLConfig.xml access
RuleID : 1871 - Revision : 12 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2012-01-24 Name : The remote web server may be affected by multiple vulnerabilities.
File : oracle_application_server_pci.nasl - Type : ACT_GATHER_INFO
2003-02-11 Name : The remote web server is affected by an information disclosure vulnerability.
File : oracle9i_soapconfig.nasl - Type : ACT_GATHER_INFO
2002-02-07 Name : Sensitive data can be read on the remote host.
File : oracle9i_XSQLServlet_XSQLConfig.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/4290
BUGTRAQ http://marc.info/?l=bugtraq&m=101301813117562&w=2
CERT http://www.cert.org/advisories/CA-2002-08.html
CERT-VN http://www.kb.cert.org/vuls/id/476619
MISC http://www.nextgenss.com/papers/hpoas.pdf

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2021-05-04 12:01:41
  • Multiple Updates
2021-04-22 01:01:49
  • Multiple Updates
2020-05-23 00:14:59
  • Multiple Updates
2016-10-18 12:01:01
  • Multiple Updates
2014-02-17 10:24:43
  • Multiple Updates
2014-01-19 21:21:41
  • Multiple Updates
2013-05-11 12:09:58
  • Multiple Updates