Signature Detail

Short Name	HTTP:ORACLE:CONF-ACCESS
Severity	Info
Recommended	No
Category	HTTP
Release Date	2006/10/20
Update Number	1213
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+

HTTP: Oracle Configuration Disclosure

This signature detects attemps to access configuration files. These files contain sensitive information about Oracle services configuration.

Extended Description

Oracle 9iAS installations include the Apache web server and several Apache services which are installed by default. On default installations of Oracle 9iAS, unauthenticated remote users can view sensitive services, including Dynamic Monitoring Services.

Affected Products

Oracle Oracle9i Application Server

References

BugTraq: 4293
CERT: CA-2002-08
CVE: CVE-2002-0563
URL: http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
URL: http://www.kb.cert.org/vuls/id/168795
URL: http://www.nextgenss.com/papers/hpoas.pdf

Signature Detail

Short Name

Severity

Recommended

Category

Release Date

Update Number

Supported Platforms

HTTP: Oracle Configuration Disclosure

Extended Description

Affected Products

References