CVE-2002-0568

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.

Published: Jul 3, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0568
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / oracle9i	9.0.1	9.0.1.x
oracle / oracle9i	9.0	9.0.x
oracle / oracle8i	8.1.7.1	8.1.7.1.x
oracle / oracle8i	8.1.7	8.1.7.x
oracle / application_server	1.0.2	1.0.2.x

http://marc.info/?l=bugtraq&m=101301813117562&w=2
http://www.cert.org/advisories/CA-2002-08.html
http://www.kb.cert.org/vuls/id/476619
http://www.nextgenss.com/papers/hpoas.pdf
http://www.securityfocus.com/bid/4290

Vulnerability Database

289,599

CVE-2002-0568