CVE-2002-1632 Information

Description

Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp (2) printenv (3) echo or (4) echo2.

Reference

http://www.kb.cert.org/vuls/id/717827 http://www.kb.cert.org/vuls/id/SVIM-576QLZ http://www.nextgenss.com/papers/hpoas.pdf http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf http://www.securityfocus.com/bid/6556 https://exchange.xforce.ibmcloud.com/vulnerabilities/8665