| VID |
22049 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The contents of the globals.jsa file in Oracle9iAS can be accessed. In the default configuration of Oracle9iAS, it is possible to make requests for the globals.jsa source file for a given web application. The server should not return this file, as it often contains sensitive information such as user IDs and passwords.
* References: http://www.cert.org/advisories/CA-2002-08.html http://marc.info/?l=bugtraq&m=101301440005580&w=2 |
| Recommendation |
Edit the httpd.conf file found in the $ORACLE_HOME$/apache/apache/conf directory and add the following entry:
<Files ~ "^\globals.jsa">
Order allow,deny
Deny from all
</Files> |
| Related URL |
CVE-2002-0562 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
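One way to confirm that the recommended entry is actually in force is to audit the httpd.conf text itself. The sketch below is an added example, not part of the original entry or of any Oracle tooling. Its function names and sample fragments are constructed for illustration, and it assumes the configuration is passed in as a string and that only Order/Allow/Deny directives inside Files sections matter.

```python
import fnmatch
import re

# Matches <Files ...> / <FilesMatch ...> sections and captures their body.
SECTION = re.compile(
    r'<(Files|FilesMatch)\s+(~\s*)?"?([^">]+)"?\s*>(.*?)</\1>',
    re.IGNORECASE | re.DOTALL)

def pattern_covers(kind, is_regex, pattern, filename="globals.jsa"):
    """True if the section's argument selects the given file name."""
    if is_regex or kind.lower() == "filesmatch":
        # Assumption: the server's POSIX regex reads an escaped letter, as in
        # "^\globals.jsa", as that literal letter; Python's re rejects it.
        pattern = re.sub(r"\\([A-Za-z])", r"\1", pattern)
        try:
            return re.search(pattern, filename) is not None
        except re.error:
            return False
    return fnmatch.fnmatchcase(filename, pattern)  # plain <Files> wildcard

def section_denies_all(body):
    """True if the Order/Allow/Deny lines in the section refuse every client."""
    lines = [" ".join(l.lower().split()) for l in body.splitlines() if l.strip()]
    order = "deny,allow"  # Apache's default when no Order line is present
    for line in lines:
        if line.startswith("order "):
            order = line[6:].replace(" ", "")
    has_allow = any(l.startswith("allow from") for l in lines)
    return "deny from all" in lines and (order == "allow,deny" or not has_allow)

def globals_jsa_protected(conf_text):
    """True if some active section both covers globals.jsa and denies access."""
    active = "\n".join(l for l in conf_text.splitlines()
                       if not l.lstrip().startswith("#"))
    return any(pattern_covers(kind, bool(tilde), pat.strip())
               and section_denies_all(body)
               for kind, tilde, pat, body in SECTION.findall(active))

# Constructed httpd.conf fragments for illustration.
HARDENED = r'''
<Files ~ "^\globals.jsa">
    Order allow,deny
    Deny from all
</Files>
'''
OVERRIDDEN = HARDENED.replace("allow,deny", "deny,allow").replace(
    "Deny from all", "Deny from all\n    Allow from all")
COMMENTED = "\n".join("# " + l for l in HARDENED.splitlines())
```

The check is deliberately conservative: a section that also carries an Allow line is reported as unprotected unless the order is allow,deny, so a configuration it approves should still be confirmed by requesting the file and seeing it refused.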