Family: Databases --> Category: infos
Oracle 9iAS default error information disclosure Vulnerability Scan
Vulnerability Scan Summary
Tries to retrieve the phisical path of files through Oracle9iAS
Detailed Explanation for this Vulnerability Test
It is possible to obtain the physical path of the remote server
Oracle 9iAS allows remote attackers to obtain the physical path of a file
under the server root via a request for a non-existent .JSP file. The default
error generated leaks the pathname in an error message.
Ensure that virtual paths of URL is different from the actual directory
path. Also, do not use the directory in
'ApJServMount ' to store data or files.
Upgrading to Oracle 9iAS 126.96.36.199.0 will also fix this issue.
See also :
Click HERE for more information and discussions on this network vulnerability scan.