Oracle 9iAS XSQLServlet soapConfig.xml Authentication Credentials Disclosure

This script is Copyright (C) 2003-2014 Javier Fernandez-Sanguino


Synopsis :

The remote web server is affected by an information disclosure
vulnerability.

Description :

In a default installation of Oracle 9iAS v1.0.2.2.1, the SOAP configuration
file (soapConfig.xml) and related configuration files can be retrieved
from the web server without authentication. These files describe in detail
how the product was installed on the server, including where the SOAP
provider and service manager are located and the administrative URLs used
to reach them. They may also contain sensitive information such as
usernames and passwords for database access.

See also :

http://www.nextgenss.com/papers/hpoas.pdf
http://otn.oracle.com/deploy/security/pdf/ojvm_alert.pdf

Solution :

Restrict the file permissions on these configuration files so that the web
server process cannot read them. Note, however, that if the XSQLServlet is
present it may be able to read files regardless of those filesystem
restrictions, so a permission change alone is not necessarily sufficient.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:C)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 11224

Bugtraq ID: 4290

CVE ID: CVE-2002-0568