CVE-2000-1235

Name of the Vulnerable Software and Affected Versions Oracle Internet Application Server (IAS) versions 3.0.7 and earlier

Description The issue concerns the default configurations of the port listener and modplsql in Oracle Internet Application Server, which allow remote attackers to view privileged database information. This is achieved via HTTP requests for Database Access Descriptor (DAD) files.

Recommendations For Oracle Internet Application Server (IAS) versions 3.0.7 and earlier, consider reconfiguring the port listener and modplsql to restrict access to privileged database information. As a temporary workaround, restrict access to DAD files until a more permanent solution is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.