Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Oracle 9iAS OracleJSP泄漏JSP文件信息漏洞
Vulnerability Description
Oracle 9iAS(Application Server)的web服务使用的是Apache Web Server,它提供了多种应用环境,包括SOAP,PL/SQL,XSQL以及JSP。 Oracle 9iAS的OracleJSP环境中存在一个安全问题,允许远程攻击者获取翻译后的JSP页面的源代码。另外一个问题允许攻击者获取globals.jsa文件的内容。 当用户向运行OracleJSP的服务器请求一个JSP页面时,该JSP页面会首先被翻译,然后编译、执行,并将执行结果返回给客户端。在此过程中,三个临
CVSS Information
N/A
Vulnerability Type
N/A