Oracle HTTP Listener Default Web Page Detection

Medium Nessus Network Monitor Plugin ID 2516

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host is running the Oracle HTTP Configuration interface. This interface allows anonymous users to view configuration details. In addition, an attacker may be able to make configuration changes if the default settings are in place.

Solution

Lock down or remove the Oracle HTTP Configuration interface.

See Also

http://online.securityfocus.com/archive/1/155881

Plugin Details

Severity: Medium

ID: 2516

File Name: 2516.prm

Family: Web Servers

Published: 2004/08/18

Modified: 2016/01/30

Dependencies: 1442

Nessus ID: 10849

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:ND/RL:O/RC:C