Oracle 9iAS DAD Admin Interface Network Vulnerability

Summary

In a default installation of Oracle 9iAS, it is possible to access the mod_plsql DAD Admin interface. Access to these pages should be restricted.

Solution

Edit the wdbsvr.app file, and change the setting 'administrators=' to named users who are allowed admin privileges. Reference : http://online.securityfocus.com/archive/1/155881

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Ampache Reflected Cross Site Scripting Vulnerability
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
Apache Struts Cross Site Scripting Vulnerability
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
AN Guestbook Local File Inclusion Vulnerability

Oracle 9iAS DAD Admin interface

Take action and discover your vulnerabilities