Summary
It is possible to obtain the physical path of the remote server web root.
Description :
Oracle 9iAS allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file. The default error generated leaks the pathname in an error message.
Solution
Ensure that virtual paths of URL is different from the actual directory path. Also, do not use the <servletzonepath> directory in 'ApJServMount <servletzonepath> <servletzone>' to store data or files.
Upgrading to Oracle 9iAS 1.1.2.0.0 will also fix this issue.
http://www.nextgenss.com/papers/hpoas.pdf
References
Severity
Classification
-
CVE CVE-2001-1372 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- An Image Gallery Directory Traversal Vulnerability
- An Image Gallery Multiple Cross-Site Scripting Vulnerability
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities