This script is Copyright (C) 2003-2014 Javier Fernandez-Sanguino
The remote web server is affected by an information disclosure
In a default installation of Oracle 9iAS v.220.127.116.11.1, it is possible to
access some configuration files. These files include detailed
information on how the product was installed on the server including
where the SOAP provider and service manager are located as well as
administrative URLs to access them. They may also contain sensitive
information (usernames and passwords for database access).
See also :
Modify the file permissions so that the web server process cannot
retrieve it. Note however that if the XSQLServlet is present it might
bypass filesystem restrictions.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0
Public Exploit Available : true