The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2002-06-11T04:00:00
Updated: 2024-08-08T02:56:37.326Z
Reserved: 2002-06-07T00:00:00
Link: CVE-2002-0563
Vulnrichment
No data.
NVD
Status : Modified
Published: 2002-07-03T04:00:00.000
Modified: 2024-11-20T23:39:22.480
Link: CVE-2002-0563
Redhat
No data.