Vulnerability   
Search   
    Search 202850 CVE descriptions
and 87302 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.11452
Category:CGI abuses
Title:Oracle 9iAS web admin
Summary:NOSUMMARY
Description:Description:


Oracle 9i Application Server uses Apache as it's web
server with an Apache module for PL/SQL support.

By default, no authentication is required to access the
DAD configuration page. An attacker may use this flaw
to modify PL/SQL applications or prevent the remote host
from working properly.

Solution: Access to the relevant page can be restricted by
editing the file /Apache/modplsql/cfg/wdbsvr.app

Risk factor : High

Cross-Ref: BugTraq ID: 4292
Common Vulnerability Exposure (CVE) ID: CVE-2002-0561
http://www.securityfocus.com/bid/4292
Bugtraq: 20020206 Hackproofing Oracle Application Server paper (Google Search)
http://marc.info/?l=bugtraq&m=101301813117562&w=2
http://www.cert.org/advisories/CA-2002-08.html
CERT/CC vulnerability note: VU#611776
http://www.kb.cert.org/vuls/id/611776
http://www.nextgenss.com/papers/hpoas.pdf
CopyrightThis script is Copyright (C) 2003 Renaud Deraison

This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.