Oracle 9iAS PL/SQL Gateway Web Admin Interface Null Authentication

This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.

Synopsis :

The remote host has an application that is affected by an
authentication bypass vulnerability.

Description :

Oracle 9i Application Server uses Apache as its web
server with an Apache module for PL/SQL support.

By default, no authentication is required to access the
DAD configuration page. An attacker may use this flaw
to modify PL/SQL applications or prevent the remote host
from working properly.

Solution :

Access to the relevant page can be restricted by
editing the file /Apache/modplsql/cfg/

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 7.5
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 11452

Bugtraq ID: 4292

CVE ID: CVE-2002-0561
