Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Oracle 9i应用服务器PL/SQL Apache模块目录遍历漏洞
Vulnerability Description
Oracle 9i应用服务器基于Apache Web服务器,支持SOAP、PL/SQL、XSQL、JSP等环境。 PL/SQL Apache module for Oracle 9iAS提供了对数据库访问描述符的远程管理和帮助页。 此程序模块存在输入验证错误,可以使远程攻击者遍历主机上的目录,读取任意有权限读取的文件。 由于Oracle PL/SQL Apache模块对用户提交的请求进行了二次解码,攻击者可以通过提交包含二次编码的"../"(%252F..%252F)的请求给服务器,就可能遍历主机的目录,
CVSS Information
N/A
Vulnerability Type
N/A