CVE-1999-1125

Oracle Http — NVD-CWE-Other

EPSS 0.00935
  • Published: 1997-09-19T04:00:00.000
  • Last modified: 2025-04-03T01:03:51.193
  • Vendors: Oracle
  • Products: Http
  • CWE: NVD-CWE-Other

CVE-1999-1125 — Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. [Weakness: NVD-CWE-Other]

Related CVE by CWE

No closely related CVE found.

Risk snapshot

EPSS: n/a   |   KEV: not listed

Related CVE by CWE

No related CWE found.

Top CVE for Vendor

No items for this vendor.

Recently Exploited Similar Vulnerabilities

No recent KEV-listed items for this vendor/product.

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.

🧠 Explainer: What this vulnerability means

Summary: The issue in Http by Oracle (CWE: unspecified) may enable attacks.

Impact: Systems could be compromised, leading to confidentiality, integrity, or availability loss.

Mitigation: Until patched, restrict exposure, enforce least privilege, and monitor for suspicious activity.

CWE: NVD-CWE-Other
Oracle Http

No explicit mitigation/advisory links found in references.