PT-2002-1103 · Oracle · Oracle Application Server 9iAS

Published: 2002-02-06 · Updated: 2016-10-18 · CVE-2001-1371

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Oracle Application Server 9iAS version 1.0.2.2

Description

The default configuration of the software enables SOAP and allows anonymous users to deploy applications via the "urn:soap-service-manager" and "urn:soap-provider-manager" API endpoints.

Recommendations

For Oracle Application Server 9iAS version 1.0.2.2, consider disabling anonymous deployment of applications via the "urn:soap-service-manager" and "urn:soap-provider-manager" API endpoints to minimize the risk of exploitation. Restrict access to these endpoints to prevent unauthorized application deployment.

Related Identifiers

CVE-2001-1371

Affected Products

Oracle Application Server 9iAS