Unrated severityNVD Advisory· Published Jul 3, 2002· Updated Apr 16, 2026

CVE-2002-0561

Description

The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.

Affected products

Oracle Corporation/Application Server
cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*
Oracle Corporation/Application Server Web Cache4 versions
cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*
Oracle Corporation/Oracle8i2 versions
cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle8i:8.1.7_.1:*:*:*:*:*:*:*
Oracle Corporation/Oracle9i2 versions
cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdfnvdPatchVendor Advisory
www.kb.cert.org/vuls/id/611776nvdPatchThird Party AdvisoryUS Government Resource
www.securityfocus.com/bid/4292nvdVendor Advisory
www.cert.org/advisories/CA-2002-08.htmlnvdUS Government Resource
marc.infonvd
www.nextgenss.com/papers/hpoas.pdfnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000