OpenCVE

Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	Application Server Application Server Web Cache Oracle8i Oracle9i

Configuration 1 [-]

OR	cpe:2.3:a:oracle:application_server:1.0.2:::::::*
	cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:::::::*
	cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:::::::*
	cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:::::::*
	cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:::::::*
	cpe:2.3:a:oracle:oracle8i:8.1.7:::::::*
	cpe:2.3:a:oracle:oracle8i:8.1.7.1:::::::*
	cpe:2.3:a:oracle:oracle9i:9.0:::::::*
	cpe:2.3:a:oracle:oracle9i:9.0.1:::::::*

No data.

References

Link	Providers
http://online.securityfocus.com/archive/1/254426
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
http://www.cert.org/advisories/CA-2002-08.html
http://www.kb.cert.org/vuls/id/313280
http://www.kb.cert.org/vuls/id/659043
http://www.kb.cert.org/vuls/id/750299
http://www.kb.cert.org/vuls/id/878603
http://www.kb.cert.org/vuls/id/923395
http://www.nextgenss.com/papers/hpoas.pdf
http://www.securityfocus.com/bid/4032
https://exchange.xforce.ibmcloud.com/vulnerabilities/8095
https://exchange.xforce.ibmcloud.com/vulnerabilities/8096
https://exchange.xforce.ibmcloud.com/vulnerabilities/8097
https://exchange.xforce.ibmcloud.com/vulnerabilities/8098

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-06-11T04:00:00

Updated: 2024-08-08T02:56:37.800Z

Reserved: 2002-06-07T00:00:00

Link: CVE-2002-0559

Vulnrichment

No data.

NVD

Status : Modified

Published: 2002-07-03T04:00:00.000

Modified: 2017-12-19T02:29:37.737

Link: CVE-2002-0559

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object