National Cyber-Alert System
Vulnerability Summary: CVE-2002-1632
Orirignal release date: 2002-12-31
Source: US-CERT/NIST

Overview

    Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.

Impact

    CVSS Severity: 6.7 (Medium)
    Range: remote
    Authentication: config
    Impact Type: conf,int

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    Oracle9i Application Server (Oracle)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1632