Description

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.

Remediation

References

CVE-1999-1125

Related Vulnerabilities

WordPress Plugin Web Forms for Vtiger wordpress Lead capture and Contacts Sync Unspecified Vulnerability (1.0.0)

WordPress 5.9.x Shortcode Execution (5.9 - 5.9.6)

WordPress Plugin Smooth Scroll Page Up/Down Buttons Cross-Site Scripting (1.3)

phpList Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2020-8547)

WordPress Plugin PHP Everywhere Security Bypass (1.3)

Severity

Critical

Classification

CVE-1999-1125

Tags

Missing Update Known Vulnerabilities