Description

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.

Remediation

References

CVE-2002-0568

Related Vulnerabilities

WordPress Plugin Akeeba Backup CORE for WordPress Arbitrary File Upload (1.1.3)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0594)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4360)

Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.1.5)

MySQL CVE-2015-4771 Vulnerability (CVE-2015-4771)

Severity

Low

Classification

CVE-2002-0568

Tags

Missing Update Known Vulnerabilities