VDB
CVE-2002-0559
CVE-2002-0559
PUBLISHED
CVSS 7.5 HIGH
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.
EPSS 38.71% · 97.3th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
38.71%
97.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | oracle9i | 9.0.1, 9.0 |
| oracle | application_server_web_cache | 2.0.0.2, 2.0.0.3, 2.0.0.1 |
| oracle | application_server | 1.0.2 |
| oracle | oracle8i | 8.1.7, 8.1.7.1 |
| n/a | n/a | n/a |
Timeline
- Jun 11, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Apr 9, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- VU#750299 third-party-advisory
- VU#878603 third-party-advisory
- oracle-appserver-plsql-adddad-bo(8098) vdb
- CA-2002-08 third-party-advisory
- VU#659043 third-party-advisory
- oracle-appserver-plsql-cache-bo(8097) vdb
- oracle-appserver-plsql-authclient-bo(8096) vdb
- 20020206 Multiple Buffer Overflows in Oracle 9iAS mailing-list
- VU#313280 third-party-advisory
- http://www.nextgenss.com/papers/hpoas.pdf url
- http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf url
- 4032 vdb
- oracle-appserver-plsql-bo(8095) vdb
- VU#923395 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2002-0559 advisory