Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:CGI:ORACLE-RPT-INFOLEAK

Severity

 Low

Recommended

 No

Category

 HTTP

Keywords

 Oracle Report Server Information Leak

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Oracle Report Server Information Leak


This signature detects attempts to exploit a known vulnerability in Oracle Report Server. Attackers can use a special URL to access configuration details.

Extended Description

A problem with Reports Server could make it possible to gain sensitive information from the server. Under some circumstances, Reports Server may yield sensitive information to unauthenticated remote users. This information may include the system path, software installed on the vulnerable system, and other information that may be used as points of entry.

Affected Products

  • Oracle Oracle9i Application Server Reports 9.0.2
  • Oracle Oracle Reports6i 6.0.8
  • Oracle Oracle Reports6i 6.0.8 .19

References

  • BugTraq: 5262
  • CVE: CVE-2002-1089
  • URL: http://sec.angrypacket.com/advisories/0004_AP.oracle.txt

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out