Description
Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.
Remediation
References
Related Vulnerabilities
Undertow Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2023-1108)
Plone CMS Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2024-0669)
WordPress Plugin WordPress Geo-CF Geo Cross-Site Scripting (7.13.11)
WordPress Plugin Custom 404 Pro Cross-Site Scripting (3.2.8)
WordPress Plugin Web Application Firewall-website security Unspecified Vulnerability (2.1.2)