Summary
In a default installation of Oracle 9iAS, it is possible to access the Dynamic Monitoring Services pages anonymously. Access to these pages should be restricted.
Solution
Edit httpd.conf to restrict access to /dms0.
Severity
Classification
-
CVE CVE-2002-0563 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache ActiveMQ Source Code Information Disclosure Vulnerability
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- Apache Open For Business HTML injection vulnerability
- Apache Web Server ETag Header Information Disclosure Weakness
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability