• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Oracle 9i Application Server Insecure Default File Permissions Vulnerability

9i Application Server (9iAS) is the web application server infrastructure distributed by Oracle.

It has been reported that Oracle 9iAS does not install with secure default permissions. The default installation of Oracle 9iAS allows users with local access to the system to access some contents of the 9iAS installation. A user with local access may also modify or remove files affected by this vulnerability. It should be noted that this only affects 9iAS installed on Microsoft Windows NT and 2000 systems.