| Vulnerability Name: | CVE-2001-0326 (CCN-6438) | ||||||||
| Assigned: | 2001-02-12 | ||||||||
| Published: | 2001-02-12 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | File Manipulation | ||||||||
| References: | Source: BUGTRAQ Type: Exploit, Patch, Vendor Advisory 20010212 Solution for Potential Vunerability in Granting FilePermission to Oracle Java Virtual Machine Source: CCN Type: BugTraq Mailing List, Mon Feb 12 2001 - 16:13:47 CST Solution for Potential Vunerability in Granting FilePermission to Oracle Java Virtual Machine Source: MITRE Type: CNA CVE-2001-0326 Source: OSVDB Type: UNKNOWN 5706 Source: CCN Type: OSVDB ID: 5706 Oracle Java Virtual Machine (JVM) .jsp / .sqljsp Arbitrary File Access Source: XF Type: UNKNOWN oracle-jvm-file-permissions(6438) Source: XF Type: UNKNOWN oracle-jvm-file-permissions(6438) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||