Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Databases >> Oracle 9iAS default error information disclosure


Vulnerability Assessment Details

Oracle 9iAS default error information disclosure

Vulnerability Assessment Summary
Tries to retrieve the phisical path of files through Oracle9iAS

Detailed Explanation for this Vulnerability Assessment

Summary :

It is possible to obtain the physical path of the remote server
web root.

Description :

Oracle 9iAS permits remote attackers to obtain the physical path of a file
under the server root via a request for a non-existent .JSP file. The default
error generated leaks the pathname in an error message.

Solution :

Ensure that virtual paths of URL is different from the actual directory
path. Also, do not use the directory in
'ApJServMount ' to store data or files.

Upgrading to Oracle 9iAS 1.1.2.0.0 will also fix this issue.


See also :

http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf
http://www.kb.cert.org/vuls/id/278971
http://www.cert.org/advisories/CA-2002-08.html

http://www.nextgenss.com/papers/hpoas.pdf

Network Security Threat Level:

Low

Networks Security ID: 3341

Vulnerability Assessment Copyright: This script is Copyright (C) 2003 Javier Fernandez-Sanguino

Cables, Connectors

ZOTAC ZBOX CI325 Nano Fanless Mini PC Intel N3160 CPU Intel HD Graphics 4GB 32GB
$302.52
ZOTAC ZBOX CI325 Nano Fanless Mini PC Intel N3160 CPU Intel HD Graphics 4GB 32GB pictureBXQINLENX 3/8" X 1/2" 9.5X12.7mm Water Cooling Tubing Hose For PC CPU CO2 Lase
$15.31
BXQINLENX 3/8Intel Core i7-7700 Desktop Processor 8M Cache, 3.6GHz (Max Turbo Frequency 4.20G
$417.61
Intel Core i7-7700 Desktop Processor 8M Cache, 3.6GHz (Max Turbo Frequency 4.20G pictureIntel Core i5-2400 3.1 GHz Quad Core Processor CPU SR00Q LGA1155
$59.0
Intel Core i5-2400 3.1 GHz Quad Core Processor CPU SR00Q LGA1155  picture


Discussions

No Discussions have been posted on this vulnerability.