Description

The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.

Remediation

References

CVE-2002-0562

Related Vulnerabilities

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1759)

WordPress Plugin Locations Cross-Site Request Forgery (3.2.1)

MySQL Other Vulnerability (CVE-2002-0969)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-9463)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-45150)

Severity

Medium

Classification

CVE-2002-0562

Tags

Missing Update Known Vulnerabilities