CVE-2002-0103
First published: Fri Mar 15 2002(Updated: )
An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Web Cache | =2.0.0.0 | |
| Oracle Web Cache | =2.0.0.1 | |
| Oracle Web Cache | =2.0.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-0103?
CVE-2002-0103 is classified as a medium severity vulnerability due to the potential for local privilege escalation.
How do I fix CVE-2002-0103?
To fix CVE-2002-0103, adjust the permissions of the executable and configuration files to restrict access.
Which versions are affected by CVE-2002-0103?
CVE-2002-0103 affects Oracle9iAS Web Cache versions 2.0.0.0, 2.0.0.1, and 2.0.0.2.
What types of attacks can exploit CVE-2002-0103?
CVE-2002-0103 can be exploited by local users to gain higher privileges, potentially allowing unauthorized access to sensitive data.
Is there a workaround for CVE-2002-0103 if a patch is unavailable?
A potential workaround for CVE-2002-0103 is to ensure that only trusted users have access to the system where Oracle9iAS Web Cache is installed.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/oracle
- canonical/oracle web cache
- version/oracle web cache/2.0.0.0
- version/oracle web cache/2.0.0.1
- version/oracle web cache/2.0.0.2