Detections
Analytics

Oracle Application Server XSQLServlet XSQLConfig.xml Information Disclosure

low Nessus Plugin ID 10855

Synopsis

Sensitive data can be read on the remote host.

Description

It is possible to read the contents of the XSQLConfig.xml file which contains sensitive information.

Solution

Move this file to a safer location and update your servlet engine's configuration file to reflect the change.

See Also

http://www.nessus.org/u?97653726

https://www.oracle.com/index.html

Plugin Details

Severity: Low

ID: 10855

File Name: oracle9i_XSQLServlet_XSQLConfig.nasl

Version: 1.29

Type: remote

Family: Databases

Published: 2/7/2002

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:oracle:application_server

Required KB Items: www/OracleApache

Exploit Ease: No known exploits are available

Patch Publication Date: 2/6/2002

Vulnerability Publication Date: 1/10/2002

Reference Information

CVE: CVE-2002-0568

BID: 4290