|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Databases >> Oracle 9iAS SOAP configuration file retrieval Vulnerability Assessment Details
|
Oracle 9iAS SOAP configuration file retrieval |
||
|
Tries to retrieve Oracle9iAS SOAP configuration file Detailed Explanation for this Vulnerability Assessment In a default installation of Oracle 9iAS v.1.0.2.2.1, it is possible to access some configuration files. These file includes detailed information on how the product was installed in the server including where the SOAP provider and service manager are located as well as administrative URLs to access them. They might also contain sensitive information (usernames and passwords for database access). Solution: Modify the file permissions so that the web server process cannot retrieve it. Note however that if the XSQLServlet is present it might bypass filesystem restrictions. More information: http://otn.oracle.com/deploy/security/pdf/ojvm_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/476619 Also read: Hackproofing Oracle Application Server from NGSSoftware: available at http://www.nextgenss.com/papers/hpoas.pdf Network Security Threat Level: Medium Networks Security ID: 4290 Vulnerability Assessment Copyright: This script is Copyright (C) 2003 Javier Fernandez-Sanguino |
||
|
Switch Components, Memory |
|
||
|
No Discussions have been posted on this vulnerability. |