PT-2001-1551 · Oracle · Oracle Application Server 9Ias+1

Published

2001-05-03

Updated

2017-10-10

CVE-2001-0326

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Oracle Java Virtual Machine (JVM) for Oracle versions 8.1.7 Oracle Application Server 9iAS version 1.0.2.0.1

Description The issue allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the ALL FILES FilePermission.

Recommendations For Oracle Java Virtual Machine (JVM) for Oracle version 8.1.7, consider restricting access to .jsp and .sqljsp files until a fix is available. For Oracle Application Server 9iAS version 1.0.2.0.1, restrict the use of the ALL FILES FilePermission to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0326

Affected Products

Oracle Application Server 9Ias

Oracle Java Virtual Machine

PT-2001-1551 · Oracle · Oracle Application Server 9Ias+1

CVE-2001-0326

Related Identifiers

Affected Products

References · 5