Oracle 9i Application Server Path Revealing Vulnerability

Oracle 9i Application Server comes with an Apache-based web server and Java servlet engine.

A vulnerability exists that could allow a malicious user to view the full path to the web folder by sending the server an HTTP request for a non-existant .jsp file. This request could cause the server to send an error message revealing the web folder path information.

A similar vulnerability was found in Apache Tomcat 3.1 which may be related to this vulnerability. See BugTraq ID 1531 for details.


 

Privacy Statement
Copyright 2010, SecurityFocus