CVE-2002-1632
Published Dec 31, 2002
Last updated 7 years ago
Overview
- Description
- Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F"
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A6F28FD-6EAD-4EDD-B9A1-0B120D0F0919"
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC4ED2EB-1E90-4E99-AAD6-5D838800F9B7"
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9"
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB"
}
],
"operator": "OR"
}
]
}
]