PT-2002-1613 · Oracle · Oracle 9I Application Server

Published: 2002-06-11 · Updated: 2017-07-11 · CVE-2002-0563

CVSS v2.0: 5.0 (Medium) · Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Oracle 9i Application Server version 1.0.2.x

Description: The default configuration of the server allows remote anonymous users to access sensitive services without authentication. This includes access to Dynamic Monitoring Services such as dms0, dms/DMSDump, servlet/DMSDump, servlet/Spy, soap/servlet/Spy, and dms/AggreSpy. Additionally, Oracle Java Process Manager services such as oprocmgr-status and oprocmgr-service can be accessed, which can be used to control Java processes.

Recommendations: For Oracle 9i Application Server version 1.0.2.x, consider reconfiguring the server to require authentication for access to sensitive services, including Dynamic Monitoring Services and Oracle Java Process Manager. As a temporary workaround, restrict access to these services to minimize the risk of exploitation.
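To verify that the reconfiguration above actually took effect, an administrator can request each of the paths named in this advisory anonymously and confirm that none of them still answers with content. The script below is an added example, not Oracle's or Positive Technologies' code; the base URL is an assumed command-line argument, and the mapping of 401/403 to "protected" assumes the hardened server rejects unauthenticated requests with one of those codes.

```python
"""Audit an Oracle 9iAS instance for anonymously reachable DMS / oprocmgr endpoints."""
import urllib.error
import urllib.request

# Paths taken from the advisory text, relative to the server root.
SENSITIVE_PATHS = [
    "/dms0", "/dms/DMSDump", "/servlet/DMSDump", "/servlet/Spy",
    "/soap/servlet/Spy", "/dms/AggreSpy",
    "/oprocmgr-status", "/oprocmgr-service",
]


def classify(status):
    """Map the HTTP status of an unauthenticated GET to an audit verdict (assumed mapping)."""
    if status in (401, 403):
        return "protected"      # server demanded credentials or denied the client address
    if status == 404:
        return "absent"         # endpoint removed or never deployed
    if 200 <= status < 300:
        return "exposed"        # content served without any authentication
    return "inconclusive"       # e.g. 5xx; needs a manual look


def fetch_status(base_url, path, timeout=5):
    """Return the final HTTP status for GET base_url+path with no credentials.
    Note: urllib follows redirects, so a login page that redirects and then
    returns 200 will be reported as 'exposed' and should be reviewed by hand."""
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def audit(base_url, paths=SENSITIVE_PATHS, fetch=fetch_status):
    """Probe every path and return {path: verdict}; fetch is injectable for offline testing."""
    return {path: classify(fetch(base_url, path)) for path in paths}


def exposed(results):
    """Sorted list of paths that still serve content anonymously."""
    return sorted(path for path, verdict in results.items() if verdict == "exposed")


if __name__ == "__main__":
    import sys
    verdicts = audit(sys.argv[1])           # e.g. http://ias.example.invalid:7777
    for path, verdict in verdicts.items():
        print(f"{verdict:12} {path}")
    sys.exit(1 if exposed(verdicts) else 0)  # non-zero exit makes it usable in a cron check
```

The exit status lets the check run unattended after every configuration change; any "exposed" line means the authentication or access restriction for that path has not been applied.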

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2002-0563

Affected Products: Oracle 9I Application Server