Description

Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.

Remediation

References

CVE-2002-0565

Related Vulnerabilities

Chamilo Improper Privilege Management Vulnerability (CVE-2022-27421)

Drupal Core 8.6.x Multiple Vulnerabilities (8.6.0 - 8.6.5)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-26143)

Joomla! Core 2.5.x Arbitrary File Upload (2.5.0 - 2.5.13)

Ruby Improper Authentication Vulnerability (CVE-2007-5770)

Severity

Medium

Classification

CVE-2002-0565

Tags

Missing Update Known Vulnerabilities