Vulnerability Name: | CVE-2001-1372 (CCN-7135) | ||||||||
Assigned: | 2001-09-17 | ||||||||
Published: | 2001-09-17 | ||||||||
Updated: | 2017-10-10 | ||||||||
Summary: | Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Obtain Information | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Mon Sep 17 2001 - 04:02:08 CDT Yet another path disclosure vulnerability Source: CCN Type: BugTraq Mailing List, Fri Sep 21 2001 - 18:04:03 CDT Response to "Path disclosure vulnerability in Oracle 9i and 8i Application Server" Source: MITRE Type: CNA CVE-2001-1372 Source: BUGTRAQ Type: UNKNOWN 20010917 Yet another path disclosure vulnerability Source: BUGTRAQ Type: UNKNOWN 20010921 Response to "Path disclosure vulnerability in Oracle 9i and 8i Source: CONFIRM Type: UNKNOWN http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf Source: CCN Type: CERT Advisory CA-2002-08 Multiple vulnerabilities in Oracle Servers Source: CERT Type: Third Party Advisory, US Government Resource CA-2002-08 Source: CCN Type: US-CERT VU#278971 Oracle 9i Application Server does not adequately handle requests for nonexistent JSP files thereby disclosing web folder path information Source: CERT-VN Type: US Government Resource VU#278971 Source: CCN Type: Network Intelligence India Pvt. Ltd. Web site Oracle Path Disclosure Source: MISC Type: UNKNOWN http://www.nii.co.in/research.html Source: CCN Type: OSVDB ID: 5406 Oracle Application Server Nonexistent .jsp File Request Error Message Path Disclosure Source: BID Type: Exploit, Patch, Vendor Advisory 3341 Source: CCN Type: BID-3341 Oracle 9i Application Server Path Revealing Vulnerability Source: XF Type: UNKNOWN oracle-jsp-reveal-path(7135) Source: XF Type: UNKNOWN oracle-jsp-reveal-path(7135) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |