Summary
In a default installation of Oracle 9iAS, it is possible to access the Dynamic Monitoring Services pages anonymously. Access to these pages should be restricted.
Solution
Edit httpd.conf to restrict access to /dms0.
Severity
Classification
-
CVE CVE-2002-0563 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Apache Rave User Information Disclosure Vulnerability
- Apache Struts2/XWork Remote Command Execution Vulnerability
- Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability