CyberSec.Space Logo
CVEブラウザに戻る

CVE-1999-1125

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1200%
EPSS Percentile40.84th
Published1997年9月19日
Last Modified2026年4月16日

Vulnerability Description

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.

Affected Platforms (CPE)

📦
Oracle

Http Server

<= 2.1
📦
Oracle

Http Server

= 1.0

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=87602880019796&w=2
🔗 http://marc.info/?l=bugtraq&m=87602880019796&w=2

関連する脆弱性情報

CVE-2018-390710.0

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Fi...

CVE-2018-1881510.0

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO Ja...

CVE-2017-1013710.0

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that ar...

CVE-2018-403110.0

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the w...