CVE-2002-0559 : Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a de

Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.

Published 2002-07-03 04:00:00

Updated 2017-12-19 02:29:38

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2002-0559

Probability of exploitation activity in the next 30 days: 3.17%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2002-0559

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2002-0559

http://www.nextgenss.com/papers/hpoas.pdf

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/8097
http://www.kb.cert.org/vuls/id/750299

US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/8098
https://exchange.xforce.ibmcloud.com/vulnerabilities/8095
http://www.kb.cert.org/vuls/id/878603

US Government Resource
http://online.securityfocus.com/archive/1/254426

Patch;Vendor Advisory
http://www.securityfocus.com/bid/4032

Patch;Vendor Advisory
http://www.kb.cert.org/vuls/id/923395

US Government Resource
http://www.kb.cert.org/vuls/id/313280

US Government Resource
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf

CVEs referencing this url
http://www.kb.cert.org/vuls/id/659043

US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/8096
http://www.cert.org/advisories/CA-2002-08.html

Patch;Third Party Advisory;US Government Resource

CVEs referencing this url

Products affected by CVE-2002-0559

Oracle » Oracle8i » Version: 8.1.7
cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*
Matching versions
Oracle » Oracle8i » Version: 8.1.7.1
cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*
Matching versions
Oracle » Application Server » Version: 1.0.2
cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*
Matching versions
Oracle » Oracle9i » Version: 9.0
cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*
Matching versions
Oracle » Oracle9i » Version: 9.0.1
cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*
Matching versions
Oracle » Application Server Web Cache » Version: 2.0.0.1
cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*
Matching versions
Oracle » Application Server Web Cache » Version: 2.0.0.0
cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Application Server Web Cache » Version: 2.0.0.2
cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*
Matching versions
Oracle » Application Server Web Cache » Version: 2.0.0.3
cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2002-0559

Exploit prediction scoring system (EPSS) score for CVE-2002-0559

CVSS scores for CVE-2002-0559

References for CVE-2002-0559

Products affected by CVE-2002-0559