Description
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.
Vulnerable configurations
Configuration 1: versions up to and including 2.1
One of
cpe:2.3:a:oracle:http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:1.0:*:*:*:*:*:*:*
EPSS: 0.00935 (Low), percentile: 75%
CVSS2: 10 Critical
Weaknesses
NVD-CWE-Other
Related vulnerabilities
github
about 3 years ago
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.