Description
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.
Remediation
References
Related Vulnerabilities
Mailman CVE-2006-2941 Vulnerability (CVE-2006-2941)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000398)
Oracle Database Server CVE-2012-1747 Vulnerability (CVE-2012-1747)
PHP Resource Management Errors Vulnerability (CVE-2014-2497)
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3225)