CVE-2002-0568

Published: Jul 3, 2002Modified: Apr 16, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.

Affected (5)

Products: Oracle: Application Server, Oracle8i, Oracle9i

3 products

Application Server

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Oracle Application Server	Version 1.0.2
Oracle Oracle8i	Version 8.1.7.1
Oracle Oracle8i	Version 8.1.7
Oracle Oracle9i	Version 9.0.1
Oracle Oracle9i	Version 9.0

References (10)

http://marc.info/?l=bugtraq&m=101301813117562&w=2

Source: cve@mitre.org

http://www.cert.org/advisories/CA-2002-08.html

Source: cve@mitre.org

PatchThird Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/476619

Source: cve@mitre.org

PatchThird Party AdvisoryUS Government Resource

http://www.nextgenss.com/papers/hpoas.pdf

Source: cve@mitre.org

http://www.securityfocus.com/bid/4290

Source: cve@mitre.org

Vendor Advisory

http://marc.info/?l=bugtraq&m=101301813117562&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.cert.org/advisories/CA-2002-08.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/476619

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

http://www.nextgenss.com/papers/hpoas.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/4290

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.