VDB
CVE-2002-0947
CVE-2002-0947
PUBLISHED
CVSS 7.5 HIGH
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.
EPSS 8.59% · 92.6th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
8.59%
92.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | application_server | 9.0.2 |
| oracle | reports | 6.0.8 |
| n/a | n/a | n/a |
Timeline
- Oct 4, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 17, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- oracle-reports-server-bo(9289) vdb
- VU#997403 third-party-advisory
- http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf url
- 20020612 Oracle Reports Server Buffer Overflow (#NISR12062002B) mailing-list
- http://www.nextgenss.com/vna/ora-reports.txt url
- 20020612 [VulnWatch] Oracle Reports Server Buffer Overflow (#NISR12062002B) mailing-list
- 4848 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2002-0947 advisory