Description

Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.

Remediation

References

CVE-2002-1632

Related Vulnerabilities

Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8130)

WordPress Plugin WP Basic Elements Cross-Site Request Forgery (5.2.15)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-0331)

MySQL CVE-2016-5444 Vulnerability (CVE-2016-5444)

Drupal Core 8.9.x Information Disclosure (8.9.0 - 8.9.5)

Severity

Medium

Classification

CVE-2002-1632

Tags

Missing Update Known Vulnerabilities