Description
Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet).
Remediation
References
Related Vulnerabilities
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33334)
Atlassian Jira Improper Authentication Vulnerability (CVE-2019-20412)
Squid Out-of-bounds Write Vulnerability (CVE-2019-12527)
Zope Web Application Server Other Vulnerability (CVE-2010-3198)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1428)