PT-2001-1551 · Oracle · Oracle Application Server 9Ias+1

Publicado

2001-05-03

Atualizado

2017-10-10

CVE-2001-0326

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Oracle Java Virtual Machine (JVM) for Oracle versions 8.1.7 Oracle Application Server 9iAS version 1.0.2.0.1

Description The issue allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the ALL FILES FilePermission.

Recommendations For Oracle Java Virtual Machine (JVM) for Oracle version 8.1.7, consider restricting access to .jsp and .sqljsp files until a fix is available. For Oracle Application Server 9iAS version 1.0.2.0.1, restrict the use of the ALL FILES FilePermission to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2001-0326

Produtos afetados

Oracle Application Server 9Ias

Oracle Java Virtual Machine

PT-2001-1551 · Oracle · Oracle Application Server 9Ias+1

CVE-2001-0326

Identificadores relacionados

Produtos afetados

Referências · 5