Description
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.
Remediation
References