PL/SQL module 18.104.22.168.2 in Oracle 9i Application Server 1.0.2.x allows
remote attackers to bypass authentication for a Database Access
Descriptor (DAD) by modifying the URL to reference an alternate DAD
that already has valid credentials.
Note:References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
Disclaimer: The entry creation date may reflect when
the CVE-ID was allocated or reserved, and does not
necessarily indicate when this vulnerability was
discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.