Oracle 9iAS XSQLServlet soapConfig.xml Authentication Credentials Disclosure

This script is Copyright (C) 2003-2014 Javier Fernandez-Sanguino

Synopsis :

The remote web server is affected by an information disclosure vulnerability.

Description :

In a default installation of Oracle 9iAS v., it is possible to
access some configuration files. These files include detailed
information on how the product was installed on the server including
where the SOAP provider and service manager are located as well as
administrative URLs to access them. They may also contain sensitive
information (usernames and passwords for database access).

Solution :

Modify the file permissions so that the web server process cannot
retrieve it. Note, however, that if the XSQLServlet is present, it might
bypass filesystem restrictions.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 11224

Bugtraq ID: 4290

CVE ID: CVE-2002-0568
