Description
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.
Remediation
References
Related Vulnerabilities
Atlassian Jira Observable Discrepancy Vulnerability (CVE-2020-4028)
WordPress Plugin Rate my Post-WP Rating System Multiple Vulnerabilities (3.3.4)
WordPress Plugin Pinpoint Booking System-#1 WordPress Booking SQL Injection (1.2)
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-33331)