CVE-2002-0564

Name of the Vulnerable Software and Affected Versions Oracle 9i Application Server version 1.0.2.x

Description The issue allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials. This is related to the PL/SQL module 3.0.9.8.2.

Recommendations For Oracle 9i Application Server version 1.0.2.x, consider restricting access to the PL/SQL module until a fix is available. As a temporary workaround, limit the ability to modify URLs referencing alternate DADs to prevent unauthorized access.