Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Oracle 9i默认配置文件信息泄露漏洞
Vulnerability Description
Oracle 9iAS包含了两个重要的配置文件叫"XSQLConfig.xml"和"soapConfig.xml",它们分别是XSQL和SOAP组件的配置文件,其中存放了一些敏感信息比如数据库服务器主机名、数据库用户名和口令等等。 Oracle 9iAS在这两个敏感文件的访问控制上存在问题,导致远程攻击者可能得到其中的信息。 Oracle 9iAS对这些配置文件的访问没有做任何认证,任何客户端可以轻易地通过Web虚拟目录访问到这两个文件。
CVSS Information
N/A
Vulnerability Type
N/A