Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0326

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-0326
Last Modified 05 Sep 2008 04:23:50
Published 03 May 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0326

Summary

Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <> FilePermission.

Vulnerable Systems

Application

  • Oracle Application Server Release 1.0.2.0.1

  • Oracle8i 8.1.7 R3


References

BUGTRAQ - 20010212 Solution for Potential Vunerability in Granting FilePermission to Oracle Java Virtual Machine

XF - oracle-jvm-file-permissions(6438)

OSVDB - 5706


Last Updated: 27 May 2016 10:36:13