Oracle 9iAS Java Process Manager Network Vulnerability

Summary

It is possible to obtain the list of Java processes running on the remote host anonymously, as well as to start and stop them. Description : The remote host is an Oracle 9iAS server. By default, accessing the location /oprocmgr-status via HTTP lets an attacker obtain the list of processes running on the remote host, and even to to start or stop them.

Solution

Restrict access to /oprocmgr-status in httpd.conf

Severity

Classification

CVE CVE-2002-0563

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
Apache Archiva Multiple Vulnerabilities
Ampache Reflected Cross Site Scripting Vulnerability
Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
123 Flash Chat Multiple Security Vulnerabilities

Take action and discover your vulnerabilities