
Test ID: 1.3.6.1.4.1.25623.1.0.10851
Category: Web application abuses
Title: Oracle 9iAS Java Process Manager
Summary: The remote host is an Oracle 9iAS server. It is possible to obtain the list of Java processes running on the remote host anonymously, as well as to start and stop them.
Description:
Summary:
The remote host is an Oracle 9iAS server. It is possible to
obtain the list of Java processes running on the remote host anonymously, as well as to start
and stop them.

Vulnerability Impact:
By default, accessing the location /oprocmgr-status via HTTP
lets an attacker obtain the list of processes running on the remote host, and even start
or stop them.

Solution:
Restrict access to /oprocmgr-status in httpd.conf

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2002-0563
BugTraq ID: 4293
http://www.securityfocus.com/bid/4293
Bugtraq: 20020206 Hackproofing Oracle Application Server paper (Google Search)
http://marc.info/?l=bugtraq&m=101301813117562&w=2
http://www.cert.org/advisories/CA-2002-08.html
CERT/CC vulnerability note: VU#168795
http://www.kb.cert.org/vuls/id/168795
http://www.appsecinc.com/Policy/PolicyCheck7024.html
http://www.nextgenss.com/papers/hpoas.pdf
http://www.osvdb.org/13152
http://www.osvdb.org/705
http://securitytracker.com/id?1009167
XForce ISS Database: oracle-appserver-apache-services(8455)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8455
Copyright: Copyright (C) 2002 Matt Moore

© 1998-2025 E-Soft Inc. All rights reserved.