|
Family: Databases --> Category: infos
Oracle 9iAS Globals.jsa access Vulnerability Scan
Vulnerability Scan Summary Tests for Oracle9iAS Globals.jsa access
Detailed Explanation for this Vulnerability Test
In the default configuration of Oracle9iAS, it is possible to make
requests for the globals.jsa file for a given web application.
These files should not be returned by the server as they often
contain sensitive information.
Solution:
Edit httpd.conf to disallow access to *.jsa.
References:
http://www.nextgenss.com/advisories/orajsa.txt
http://www.oracle.com
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|