|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-07-03 | |
| Rule Name: | Oracle HTTP Server Globals.JSA Access Information Disclosure Vulnerability (CVE-2002-0562) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows | |
| Reference: | SecurityFocusBID:4034 http://marc.info/?l=bugtraq&m=101301440005580&w=2 http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: http://metalink.oracle.com |