Vulnerabilities > CVE-1999-1125 - Unspecified vulnerability in Oracle Http Server

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

oracle

critical

NVD

Published: 1997-09-19

Updated: 2016-10-18

Summary

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Http Server 1.0 Oracle Http Server - Oracle Http Server 1.0.2.0 Oracle Http Server 1.0.2.1 Oracle Http Server 1.0.2.2 Oracle Http Server 2.1	6

References

http://marc.info/?l=bugtraq&m=87602880019796&w=2