CVE-2002-0563

Oracle 9i Application Server 1.0.2.x - Unauthenticated Access to Sensitive Services

Description

The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.

References (11)

Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4293
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8455
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101301813117562&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/13152
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2002-08.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1009167
Various Sources x_refsource_misc
http://www.appsecinc.com/Policy/PolicyCheck7024.html
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/168795
Various Sources x_refsource_misc
http://www.nextgenss.com/papers/hpoas.pdf
Patch, Vendor Advisory x_refsource_confirm
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/705

Scores

EPSS 0.5113
EPSS Percentile 98.8%

Details

CWE CWE-287
Status published
Products (9)
oracle/application_server 1.0.2
oracle/application_server_web_cache 2.0.0.0
oracle/application_server_web_cache 2.0.0.1
oracle/application_server_web_cache 2.0.0.2
oracle/application_server_web_cache 2.0.0.3
oracle/oracle8i 8.1.7
oracle/oracle8i 8.1.7_.1
oracle/oracle9i 9.0
oracle/oracle9i 9.0.1
Published Jul 03, 2002
Tracked Since Feb 18, 2026