CyberSec.Space Logo
Back to CVE Browser

CVE-1999-1125

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1200%
EPSS Percentile40.84th
PublishedSep 19, 1997
Last ModifiedApr 16, 2026

Vulnerability Description

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.

Affected Platforms (CPE)

📦
Oracle

Http Server

<= 2.1
📦
Oracle

Http Server

= 1.0

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=87602880019796&w=2
🔗 http://marc.info/?l=bugtraq&m=87602880019796&w=2

Related Vulnerabilities

CVE-2018-390710.0

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Fi...

CVE-2018-1881510.0

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO Ja...

CVE-2017-1013710.0

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that ar...

CVE-2018-403110.0

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the w...