CVE-1999-1125

Published: Sep 19, 1997Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.

Affected (2)

Products: Oracle: Http Server

Oracle

1 product

Http Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Http Server	Up to 2.1
Oracle Http Server	Version 1.0

References (2)

http://marc.info/?l=bugtraq&m=87602880019796&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=87602880019796&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.