PT-2002-1103 · Oracle · Oracle Application Server 9iAS

Published: 2002-02-06 · Updated: 2016-10-18 · CVE-2001-1371

CVSS v2.0: 7.5 (High) · Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Oracle Application Server 9iAS version 1.0.2.2
Description: The default configuration of the software enables SOAP and allows anonymous users to deploy applications through the "urn:soap-service-manager" and "urn:soap-provider-manager" API endpoints.
Recommendations: For Oracle Application Server 9iAS version 1.0.2.2, consider disabling anonymous deployment of applications via the "urn:soap-service-manager" and "urn:soap-provider-manager" API endpoints to minimize the risk of exploitation. Restrict access to these endpoints to prevent unauthorized application deployment.

Related identifiers

CVE-2001-1371

Affected products

Oracle Application Server 9iAS