This script is Copyright (C) 2003-2014 Javier Fernandez-Sanguino
The remote web server is affected by an information disclosure
In a default installation of Oracle 9iAS v.18.104.22.168.1, it is possible to
access some configuration files. These files include detailed
information on how the product was installed on the server including
where the SOAP provider and service manager are located as well as
administrative URLs to access them. They may also contain sensitive
information (usernames and passwords for database access).
See also :
Modify the file permissions so that the web server process cannot
retrieve it. Note however that if the XSQLServlet is present it might
bypass filesystem restrictions.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0
Public Exploit Available : true
Nessus Plugin ID: 11224 ()
Bugtraq ID: 4290
CVE ID: CVE-2002-0568
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.