Description

Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.

Remediation

References

CVE-2001-1372

Related Vulnerabilities

WordPress Plugin Google Captcha (reCAPTCHA) by BestWebSoft Cross-Site Scripting (1.05)

WordPress Plugin FireStats Cross-Site Scripting (1.6.4)

Oracle Database Server CVE-2007-5515 Vulnerability (CVE-2007-5515)

Oracle JRE CVE-2019-2949 Vulnerability (CVE-2019-2949)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.153.3)

Severity

Medium

Classification

CVE-2001-1372

Tags

Missing Update Known Vulnerabilities