Unrated severityNVD Advisory· Published Sep 19, 1997· Updated Apr 16, 2026

CVE-1999-1125

Description

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.

Affected products

Oracle Corporation/HTTP Server2 versions
cpe:2.3:a:oracle:http_server:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:http_server:*:*:*:*:*:*:*:*range: <=2.1
- cpe:2.3:a:oracle:http_server:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000