| VID | 22170 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description |
The Oracle9iAS server allows an anonymous user to access the SOAP configuration file. The Oracle9iAS application server supports SOAP (Simple Object Access Protocol), a simple and lightweight XML-based protocol for exchanging information between peers in a decentralized, distributed environment, for Web administration of database services. In the default installation of Oracle9iAS, the server contains an important configuration file called "soapConfig.xml". This file includes detailed information such as the location of the SOAP provider, the service manager and the administrative URL, as well as sensitive information such as the database server host name and a user's ID and password. If this file has appropriate permissions set, an HTTP request for it returns a "403 Forbidden" response. But the default configuration of Oracle9iAS allows an anonymous user to access this file without authentication. As a result, a remote attacker can read it directly, or through the XSQLServlet via a virtual directory, as follows:

http://target_server/soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
http://target_server/servlet/oraccle.xml.xsql.XSQLServlet/soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml

* Platforms Affected: Oracle9i Application Server 1.0.2, Oracle8i Application Server 8.1.7.1, Oracle8i Application Server 8.1.7, Oracle9i Application Server 9.0, Oracle9i Application Server 9.0.1
* References: http://online.securityfocus.com/bid/4290 , http://www.iss.net/security_center/static/8453.php |
| Recommendation |
No solution available as of June 2014.
As a workaround, set appropriate permissions on "soapConfig.xml" to block access to it. |
| Related URL | CVE-2002-0568 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |
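To help an administrator tell whether the exposure described above has actually been used, here is an added example (not part of the original record) that scans Common Log Format access-log lines, flags requests that reach soapConfig.xml either directly or through the XSQLServlet virtual directory, and separates successful reads (HTTP 200) from blocked ones (403). The log lines and addresses are constructed for the example.

```python
import re

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Names from the advisory: the config file and the servlet that can serve it.
SOAP_CONFIG = "soapconfig.xml"
XSQL_SERVLET = "xsqlservlet"


def classify_request(path: str, status: int) -> str:
    """Return 'disclosed', 'blocked', 'other', or '' (not relevant)."""
    if SOAP_CONFIG not in path.lower():
        return ""
    if status == 200:
        return "disclosed"      # file content was served to the client
    if status in (401, 403):
        return "blocked"        # file permissions / ACL did their job
    return "other"              # e.g. 404 on a patched or reconfigured host


def find_soapconfig_access(lines: list[str]) -> list[dict]:
    """Scan CLF lines and report every request that targets soapConfig.xml."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue            # skip lines that are not well-formed CLF
        verdict = classify_request(m["path"], int(m["status"]))
        if verdict:
            hits.append({"host": m["host"], "path": m["path"],
                         "status": m["status"], "verdict": verdict,
                         "via_xsql": XSQL_SERVLET in m["path"].lower()})
    return hits


# Constructed sample lines (not from any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2002:08:01:13 +0000] "GET /soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml HTTP/1.0" 200 2310',
    '203.0.113.5 - - [10/Mar/2002:08:01:20 +0000] "GET /servlet/oracle.xml.xsql.XSQLServlet/soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml HTTP/1.0" 200 2310',
    '198.51.100.7 - - [10/Mar/2002:08:02:02 +0000] "GET /soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml HTTP/1.1" 403 220',
    '198.51.100.7 - - [10/Mar/2002:08:02:09 +0000] "GET /index.html HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    for hit in find_soapconfig_access(SAMPLE_LOG):
        print(f'{hit["host"]} {hit["status"]} xsql={hit["via_xsql"]} -> {hit["verdict"]}')
```

A "disclosed" hit means the host should be treated as compromised with respect to the credentials in that file, since they are stored in clear text; "blocked" hits confirm the workaround permissions are in place.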