Description

Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.

Remediation

References

CVE-2001-1372

Related Vulnerabilities

WordPress Plugin Google Forms Unspecified Vulnerability (0.93)

WordPress Plugin YITH WooCommerce Affiliates Security Bypass (1.6.3)

WordPress Other Vulnerability (CVE-2006-1796)

Drupal Core 7.x Open Redirect (7.0 - 7.40)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-17383)

Severity

Medium

Classification

CVE-2001-1372

Tags

Missing Update Known Vulnerabilities