ID de Prueba:	1.3.6.1.4.1.25623.1.0.11226
Categoría:	Web application abuses
Título:	Oracle 9iAS default error information disclosure
Resumen:	Oracle 9iAS allows remote attackers to obtain the physical path of a file; under the server root via a request for a non-existent .JSP file. The default; error generated leaks the pathname in an error message.
Descripción:	Summary: Oracle 9iAS allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file. The default error generated leaks the pathname in an error message. Solution: Ensure that virtual paths of URL is different from the actual directory path. Also, do not use the directory in 'ApJServMount ' to store data or files. Upgrading to Oracle 9iAS 1.1.2.0.0 will also fix this issue. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2001-1372 BugTraq ID: 3341 http://www.securityfocus.com/bid/3341 Bugtraq: 20010917 Yet another path disclosure vulnerability (Google Search) http://marc.info/?l=bugtraq&m=100074087824021&w=2 Bugtraq: 20010921 Response to "Path disclosure vulnerability in Oracle 9i and 8i (Google Search) http://marc.info/?l=bugtraq&m=100119633925473&w=2 http://www.cert.org/advisories/CA-2002-08.html CERT/CC vulnerability note: VU#278971 http://www.kb.cert.org/vuls/id/278971 http://www.nii.co.in/research.html XForce ISS Database: oracle-jsp-reveal-path(7135) https://exchange.xforce.ibmcloud.com/vulnerabilities/7135
Copyright	Copyright (C) 2003 Javier Fernandez-Sanguino

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.