ID de Prueba:	1.3.6.1.4.1.25623.1.0.11224
Categoría:	Web application abuses
Título:	Oracle 9iAS SOAP configuration file retrieval
Resumen:	In a default installation of Oracle 9iAS v.1.0.2.2.1, it is possible to; access some configuration files. These file includes detailed; information on how the product was installed in the server; including where the SOAP provider and service manager are located; as well as administrative URLs to access them. They might also; contain sensitive information (usernames and passwords for database; access).
Descripción:	Summary: In a default installation of Oracle 9iAS v.1.0.2.2.1, it is possible to access some configuration files. These file includes detailed information on how the product was installed in the server including where the SOAP provider and service manager are located as well as administrative URLs to access them. They might also contain sensitive information (usernames and passwords for database access). Solution: Modify the file permissions so that the web server process cannot retrieve it. Note however that if the XSQLServlet is present it might bypass filesystem restrictions. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0568 BugTraq ID: 4290 http://www.securityfocus.com/bid/4290 Bugtraq: 20020206 Hackproofing Oracle Application Server paper (Google Search) http://marc.info/?l=bugtraq&m=101301813117562&w=2 http://www.cert.org/advisories/CA-2002-08.html CERT/CC vulnerability note: VU#476619 http://www.kb.cert.org/vuls/id/476619 http://www.nextgenss.com/papers/hpoas.pdf
Copyright	Copyright (C) 2003 Javier Fernandez-Sanguino

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.