WEB APPLICATION VULNERABILITIES Standard & Premium

Oracle applications logs publicy available

Description

Oracle SQLNet and/or listener log files are publicly accessible. The SQLNet and Listener log files provide audit data useful to the discovery of suspicious behavior. The log files may contain usernames and passwords in clear text as well as other information that could aid a malicious user with unauthorized access attempts to the database. Generation and protection of these files helps support security monitoring efforts.

Remediation

Restrict access to the listener and sqlnet log files.

References

Trace and Log Parameter Reference

Related Vulnerabilities

Virtual Host locations misconfiguration

WordPress 3.5.1 Multiple Vulnerabilities (2.0 - 3.5.1)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.16)

WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)

Redis Unauthorized Access Vulnerability

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure