Vulnerability Details : CVE-2002-0562
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
Exploit prediction scoring system (EPSS) score for CVE-2002-0562
Probability of exploitation activity in the next 30 days: 78.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-0562
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2002-0562
- http://marc.info/?l=bugtraq&m=101301440005580&w=2
-
http://www.securityfocus.com/bid/4034
Patch;Vendor Advisory
-
http://www.kb.cert.org/vuls/id/698467
US Government Resource
-
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
Patch;Vendor Advisory
-
http://www.cert.org/advisories/CA-2002-08.html
Patch;Third Party Advisory;US Government Resource
Products affected by CVE-2002-0562
- cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*