CVE-2002-1632

Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.

Published: Dec 31, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1632
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / application_server	9.0.2.0.0	9.0.2.0.0.x
oracle / application_server	9.0.2.0.1	9.0.2.0.1.x
oracle / application_server	1.0.2.1s	1.0.2.1s.x
oracle / application_server	1.0.2.2	1.0.2.2.x
oracle / application_server	1.0.2	1.0.2.x

http://www.kb.cert.org/vuls/id/717827
http://www.kb.cert.org/vuls/id/SVIM-576QLZ
http://www.nextgenss.com/papers/hpoas.pdf
http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf
http://www.securityfocus.com/bid/6556
https://exchange.xforce.ibmcloud.com/vulnerabilities/8665

Vulnerability Database

289,697

CVE-2002-1632