Oracle 9iAS Administrative Web Interface Authentication Weakness

High Nessus Network Monitor Plugin ID 1894

Synopsis

The remote Oracle 9i Application Server administrative interface runs on this port.

Description

The remote Oracle 9i Application Server administrative interface runs on this port. Make sure that access to this interface is restricted to the people who are in charge of this server.

Solution

Impose Access Control Lists (ACLs) on the administrative interface.

See Also

http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf

Plugin Details

Severity: High

ID: 1894

File Name: 1894.prm

Family: Web Servers

Published: 2004/08/20

Modified: 2016/01/21

Nessus ID: 11452

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 7.3

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:H/RL:U/RC:C

Reference Information

CVE: CVE-2002-0561

BID: 4292