← CVECheck
HomeVulnerabilities

CVE-1999-1125 — HIGH severity vulnerability (Oracle Webserver 2.1 and earlier runs setuid root, but the c)

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.

CVE IDCVE-1999-1125
SeverityHIGH
CVSS score10.0
CVSS vectorAV:N/AC:L/Au:N/C:C/I:C/A:C
CWENVD-CWE-Other
StatusModified
Published1997-09-19
Last modified2026-04-16
DescriptionOracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →