Family: Databases --> Category: attack
Oracle 9iAS web admin Vulnerability Scan
Vulnerability Scan Summary
Oracle 9iAS mod_plsql admin page
Detailed Explanation for this Vulnerability Test
Oracle 9i Application Server uses Apache as it's web
server with an Apache module for PL/SQL support.
By default, no authentication is required to access the
DAD configuration page. A possible hacker may use this flaw
to modify PL/SQL applications or prevent the remote host
from working properly.
Solution: Access to the relevant page can be restricted by
editing the file /Apache/modplsql/cfg/wdbsvr.app
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.