Description

The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files.

Remediation

References

CVE-2000-1235

Related Vulnerabilities

Oracle Database Server CVE-2008-2590 Vulnerability (CVE-2008-2590)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-0866)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7934)

Undertow CVE-2022-4492 Vulnerability (CVE-2022-4492)

WordPress Plugin Genesis Columns Advanced Cross-Site Scripting (2.0.3)

Severity

Medium

Classification

CVE-2000-1235

Tags

Missing Update Known Vulnerabilities