Description

Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.

Remediation

References

CVE-2002-1632

Related Vulnerabilities

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5285)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.10)

WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-22474)

WordPress Plugin WP Unique Article Header Image Cross-Site Request Forgery (1.0)

WordPress Plugin BizLibrary Cross-Site Scripting (1.1)

Severity

Medium

Classification

CVE-2002-1632

Tags

Missing Update Known Vulnerabilities