CVE-2002-0563 : The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive serv

The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.

Published 2002-07-03 04:00:00

Updated 2017-07-11 01:29:12

Source MITRE

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Exploit prediction scoring system (EPSS) score for CVE-2002-0563

Probability of exploitation activity in the next 30 days: 94.12%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2002-0563

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2002-0563

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2002-0563

http://www.nextgenss.com/papers/hpoas.pdf

CVEs referencing this url
http://www.securityfocus.com/bid/4293

Patch;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/8455
http://www.kb.cert.org/vuls/id/168795

US Government Resource
http://www.appsecinc.com/Policy/PolicyCheck7024.html
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf

Patch;Vendor Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=101301813117562&w=2

CVEs referencing this url
http://securitytracker.com/id?1009167
http://www.cert.org/advisories/CA-2002-08.html

Patch;Third Party Advisory;US Government Resource

CVEs referencing this url

Products affected by CVE-2002-0563

Oracle » Oracle8i » Version: 8.1.7
cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*
Matching versions
Oracle » Oracle8i » Version: 8.1.7 .1
cpe:2.3:a:oracle:oracle8i:8.1.7_.1:*:*:*:*:*:*:*
Matching versions
Oracle » Application Server » Version: 1.0.2
cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*
Matching versions
Oracle » Oracle9i » Version: 9.0
cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*
Matching versions
Oracle » Oracle9i » Version: 9.0.1
cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*
Matching versions
Oracle » Application Server Web Cache » Version: 2.0.0.1
cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*
Matching versions
Oracle » Application Server Web Cache » Version: 2.0.0.0
cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Application Server Web Cache » Version: 2.0.0.2
cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*
Matching versions
Oracle » Application Server Web Cache » Version: 2.0.0.3
cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2002-0563

Exploit prediction scoring system (EPSS) score for CVE-2002-0563

CVSS scores for CVE-2002-0563

CWE ids for CVE-2002-0563

References for CVE-2002-0563

Products affected by CVE-2002-0563