Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: Databases --> Category: infos

Oracle 9iAS default error information disclosure Vulnerability Scan

Vulnerability Scan Summary
Tries to retrieve the physical path of files through Oracle9iAS

Detailed Explanation for this Vulnerability Test

Synopsis :

It is possible to obtain the physical path of the remote server
web root.

Description :

Oracle 9iAS allows remote attackers to obtain the physical path of a file
under the server root via a request for a non-existent .JSP file. The default
error generated leaks the pathname in an error message.

Solution :

Ensure that the virtual paths of URLs are different from the actual directory
paths. Also, do not use the directory in
'ApJServMount ' to store data or files.

Upgrading to Oracle 9iAS will also fix this issue.
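
As an added illustration (not part of the original scan description or the scanner's own check), the Python sketch below inspects an error-page body returned for a non-existent .jsp request and reports absolute filesystem paths that name the requested file. The function names, path patterns and sample bodies are assumptions constructed for this example, not Oracle 9iAS's exact error text.

```python
import re

# Absolute paths: Windows drive paths, and Unix paths with two or more components.
# Assumption: no spaces inside path components (keeps the patterns simple).
WIN_PATH = re.compile(r'[A-Za-z]:[\\/](?:[^\\/:*?"<>|\s]+[\\/])*[^\\/:*?"<>|\s]+')
UNIX_PATH = re.compile(r'(?<![\w.:/])/(?:[\w.+-]+/)+[\w.+-]+')


def leaked_paths(request_uri, body):
    """Absolute filesystem paths in an error body that name the requested
    file and are not just the request URI echoed back."""
    filename = request_uri.rsplit("/", 1)[-1].lower()
    found = []
    for match in list(WIN_PATH.finditer(body)) + list(UNIX_PATH.finditer(body)):
        path = match.group(0).rstrip(".,;:)'\"")
        if not path.lower().endswith(filename):
            continue  # unrelated path
        if path == request_uri:
            continue  # the virtual path echoed back is not a disclosure
        if path not in found:
            found.append(path)
    return found


def mirrors_virtual_path(path, request_uri):
    """True when the physical path ends with the URL path, i.e. the virtual
    layout matches the on-disk layout that the Solution says to avoid."""
    return path.replace("\\", "/").lower().endswith(request_uri.lower())


# Constructed sample bodies (illustrative, not captured Oracle 9iAS output).
URI = "/demo/no_such_page.jsp"
LEAKY_WIN = ("<h1>Error</h1> java.io.FileNotFoundException: "
             "C:\\oracle\\ias\\htdocs\\demo\\no_such_page.jsp (file not found)")
LEAKY_UNIX = "JSP error: /opt/oracle/htdocs/pages/no_such_page.jsp not found."
CLEAN = "The requested URL /demo/no_such_page.jsp was not found on this server."

if __name__ == "__main__":
    for name, body in (("win", LEAKY_WIN), ("unix", LEAKY_UNIX), ("clean", CLEAN)):
        for p in leaked_paths(URI, body):
            print(name, p, "mirrors URL layout:", mirrors_virtual_path(p, URI))
```

A body that only echoes the requested URL yields no findings; a finding where `mirrors_virtual_path` is true also shows that the virtual path maps directly onto the directory layout on disk.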

See also :

Threat Level:




P.O. Box 827051

Pembroke Pines, FL 33082-7051
