
Test ID: 1.3.6.1.4.1.25623.1.0.11224
Category: Web application abuses
Title: Oracle 9iAS SOAP configuration file retrieval
Description:
Summary:
In a default installation of Oracle 9iAS v.1.0.2.2.1, it is possible to
access some configuration files. These files include detailed
information on how the product was installed on the server,
including where the SOAP provider and service manager are located,
as well as the administrative URLs used to access them. They might also
contain sensitive information (usernames and passwords for database
access).

Solution:
Modify the file permissions so that the web server process
cannot retrieve these files. Note, however, that if the XSQLServlet is present,
it might bypass filesystem restrictions.

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N

Cross-reference: BugTraq ID: 4290
Common Vulnerability Exposure (CVE) ID: CVE-2002-0568
http://www.securityfocus.com/bid/4290
Bugtraq: 20020206 Hackproofing Oracle Application Server paper (Google Search)
http://marc.info/?l=bugtraq&m=101301813117562&w=2
http://www.cert.org/advisories/CA-2002-08.html
CERT/CC vulnerability note: VU#476619
http://www.kb.cert.org/vuls/id/476619
http://www.nextgenss.com/papers/hpoas.pdf
Copyright: Copyright (C) 2003 Javier Fernandez-Sanguino

© 1998-2024 E-Soft Inc. All rights reserved.