Oracle 9i Application Server Sample Scripts Information Disclosure Vulnerability

Oracle 9i Application Server Sample Scripts Information Disclosure Vulnerability

Several sample scripts distributed with 9i Application Server have been reported to contain security flaws. The scripts may allow an attacker to send arbitrary emails from the Oracle server or disclose environment variables and other data.

Information obtained in this manner may be used by an attacker to launch further, potentially destructive, attacks against a vulnerable server.