CVE-1999-1125

CVSS 10.0 - HIGH
Description

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.

Affected Products
2
Vendor Product Version
oracle http_server All versions
oracle http_server 1.0
References
http://marc.info/?l=bugtraq&m=87602880019796&w=2
http://marc.info/?l=bugtraq&m=87602880019796&w=2
Weakness Types
NVD-CWE-Other
CVE Information
CVE ID:
CVE-1999-1125
Published:
1997-09-19
Modified:
2026-04-16
CVSS Score:
10.0
Severity:
HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Vendors
oracle
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL