Description

The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files.

Remediation

References

CVE-2000-1235

Related Vulnerabilities

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5285)

Oracle Database Server CVE-2007-3858 Vulnerability (CVE-2007-3858)

Artifactory Improper Privilege Management Vulnerability (CVE-2022-0668)

Oracle Database Server CVE-2007-0274 Vulnerability (CVE-2007-0274)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2057)

Severity

Medium

Classification

CVE-2000-1235

Tags

Missing Update Known Vulnerabilities