Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2002-0562 | First vendor Publication | 2002-07-03 |
Vendor | Cve | Last vendor Modification | 2016-10-18 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0562 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 4 | |
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name : Oracle 9iAS Globals.jsa access File : nvt/oracle9i_globals_dot_jsa.nasl |
2005-11-03 | Name : Oracle 9iAS Jsp Source File Reading File : nvt/oracle9i_jsp_source.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
707 | Oracle Application Server globals.jsa Database Credential Remote Disclosure |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | globals.jsa access RuleID : 1873-community - Revision : 12 - Type : SERVER-WEBAPP |
2014-01-10 | globals.jsa access RuleID : 1873 - Revision : 12 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-01-24 | Name : The remote web server may be affected by multiple vulnerabilities. File : oracle_application_server_pci.nasl - Type : ACT_GATHER_INFO |
2002-02-07 | Name : Sensitive data may be disclosed on the remote host. File : oracle9i_globals_dot_jsa.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:01:41 |
|
2021-04-22 01:01:49 |
|
2020-05-23 00:14:59 |
|
2016-10-18 12:01:01 |
|
2014-02-17 10:24:43 |
|
2014-01-19 21:21:41 |
|
2013-05-11 12:09:57 |
|