Description

The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files.

Remediation

References

CVE-2000-1235

Related Vulnerabilities

Apache Traffic Server Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2022-37392)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-1318)

Sqlite Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2015-3717)

WordPress Plugin Featurific For WordPress 'snum' Parameter Cross-Site Scripting (1.6.2)

Apache HTTP Server Other Vulnerability (CVE-2002-0654)

Severity

Medium

Classification

CVE-2000-1235

Tags

Missing Update Known Vulnerabilities