Description

Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.

Remediation

References

CVE-2001-1217

Related Vulnerabilities

MySQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-0709)

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-26691)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-3810)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.33)

Joomla Other Vulnerability (CVE-2013-1453)

Severity

Medium

Classification

CVE-2001-1217

Tags

Missing Update Known Vulnerabilities