|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-07-06 | |
| Rule Name: | Oracle 9i HTTP Server XSQLServlet XSQLConfig.xml Access Vulnerability (CVE-2002-0568) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:4290 http://marc.info/?l=bugtraq&m=101301813117562&w=2 http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/476619 |
|
| Solutions |
|---|
| Set correct access permissions on both profiles to deny access to anonymous users. |