CVE-2002-1639

Published: Apr 1, 2002Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host".

Affected (3)

Products: Oracle: Configurator

Oracle

1 product

Configurator

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Oracle Configurator	From 11.5.6.0.0 to 11.5.6.16.53
Oracle Configurator	From 11.5.7.0.0 to 11.5.7.17.31
Oracle Configurator	Version 11i

References (10)

http://securitytracker.com/id?1003967

Source: cve@mitre.org

PatchThird Party AdvisoryVDB Entry

http://www.kb.cert.org/vuls/id/158323

Source: cve@mitre.org

PatchThird Party AdvisoryUS Government Resource

http://www.oracle.com/technology//deploy/security/htdocs/oconfigvul.html

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/4433

Source: cve@mitre.org

Third Party AdvisoryVDB EntryVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/8782

Source: cve@mitre.org

VDB Entry

http://securitytracker.com/id?1003967