This script is Copyright (C) 2002-2014 Matt Moore
Sensitive data may be read on the remote host.
In a default installation of Oracle 9iAS it is possible to read the
source of JSP files. When a JSP is requested it is compiled 'on the fly'
and the resulting HTML page is returned to the user. Oracle 9iAS uses a
folder to hold the intermediate files during compilation. These files
are created in the same folder in which the .JSP page resides. Hence, it
is possible to access the .java and compiled .class files for a given
See also :
Edit httpd.conf to disallow access to the _pages folder.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true
Nessus Plugin ID: 10852
Bugtraq ID: 4034
CVE ID: CVE-2002-0565
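
A log check for the exposure described above, added here as an example (not part of the Nessus plugin or of Oracle's software). It assumes Apache Common Log Format access logs; the sample lines, paths and addresses are constructed.

```python
import re
from urllib.parse import unquote

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# A path segment named _pages followed by a .java or .class file, the
# intermediate files the description refers to. Case-insensitivity is an assumption.
LEAK_RE = re.compile(r'(?:^|/)_pages/.*\.(?:java|class)$', re.IGNORECASE)

def find_jsp_source_reads(lines):
    """Return (client, decoded_path, status) for requests to JSP intermediates."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, _method, target, status = m.groups()
        # Drop the query string and percent-decode before matching.
        path = unquote(target.split('?', 1)[0])
        if LEAK_RE.search(path):
            hits.append((client, path, int(status)))
    return hits

def served(hits):
    """Hits answered with 2xx: the file was returned, so _pages is not blocked."""
    return [h for h in hits if 200 <= h[2] < 300]

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2002:10:15:30 +0000] "GET /shop/cart.jsp HTTP/1.0" 200 5120',
    '192.0.2.10 - - [12/Mar/2002:10:15:32 +0000] "GET /shop/_pages/_cart.java HTTP/1.0" 200 1843',
    '198.51.100.7 - - [12/Mar/2002:10:16:01 +0000] "GET /shop/%5Fpages/_cart.class?x=1 HTTP/1.0" 403 -',
    '198.51.100.7 - - [12/Mar/2002:10:16:05 +0000] "GET /docs/_pages/readme.html HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for client, path, status in find_jsp_source_reads(SAMPLE_LOG):
        state = "SERVED" if 200 <= status < 300 else "blocked"
        print(f"{state:7} {status} {client} {path}")
```

A 2xx status on a matching request means the file was returned; a 403 is what the httpd.conf restriction in the solution should produce.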