Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2002-0568 | First vendor Publication | 2002-07-03 |
Vendor | Cve | Last vendor Modification | 2016-10-18 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0568 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 2 | |
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name : Oracle XSQLServlet XSQLConfig.xml File File : nvt/oracle9i_XSQLServlet_XSQLConfig.nasl |
2005-11-03 | Name : Oracle 9iAS SOAP configuration file retrieval File : nvt/oracle9i_soapconfig.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
3423 | Oracle Application Server XSQLServlet XSQLConfig.xml Authentication Credentia... Oracle Application Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker accesses XSQLConfig.xml, which will disclose sensitive server information resulting in a loss of confidentiality. |
3411 | Oracle Application Server XSQLServlet soapConfig.xml Authentication Credentia... Oracle 9i Application Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker accesses soapConfig.xml, which will disclose sensitive server information resulting in a loss of confidentiality. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Oracle XSQLConfig.xml access RuleID : 1871-community - Revision : 12 - Type : SERVER-WEBAPP |
2014-01-10 | Oracle XSQLConfig.xml access RuleID : 1871 - Revision : 12 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-01-24 | Name : The remote web server may be affected by multiple vulnerabilities. File : oracle_application_server_pci.nasl - Type : ACT_GATHER_INFO |
2003-02-11 | Name : The remote web server is affected by an information disclosure vulnerability. File : oracle9i_soapconfig.nasl - Type : ACT_GATHER_INFO |
2002-02-07 | Name : Sensitive data can be read on the remote host. File : oracle9i_XSQLServlet_XSQLConfig.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:01:41 |
|
2021-04-22 01:01:49 |
|
2020-05-23 00:14:59 |
|
2016-10-18 12:01:01 |
|
2014-02-17 10:24:43 |
|
2014-01-19 21:21:41 |
|
2013-05-11 12:09:58 |
|