Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-1235

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2000-1235
Last Modified 05 Sep 2008 04:22:59
Published 31 Dec 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-1235

Summary

The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files.

Vulnerable Systems

Application

  • Oracle Application Server 3.0.7


References

BID - 2150

XF - oracle-webdb-admin-access(5818)

BUGTRAQ - 20001223 Potential Vulnerabilities in Oracle Internet Application Server

BUGTRAQ - 20001221 Re: Oracle WebDb engine brain-damagse

BUGTRAQ - 20001219 Oracle WebDb engine brain-damagse


Last Updated: 27 May 2016 10:36:05