Lucene search

K

Oracle 9iAS Dynamic Monitoring Services

🗓️ 03 Nov 2005 00:00:00Reported by Copyright (C) 2002 Matt MooreType 
openvas
 openvas
🔗 plugins.openvas.org👁 26 Views

Oracle 9iAS Dynamic Monitoring Services page may be accessed anonymously, posing a security risk

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Refs
Code
ReporterTitlePublishedViews
Family
CERT
Oracle 9iAS allows anonymous remote users to view sensitive Apache services by default
12 Mar 200200:00
cert
OpenVAS
Oracle 9iAS Java Process Manager
3 Nov 200500:00
openvas
OpenVAS
Oracle 9iAS Java Process Manager
3 Nov 200500:00
openvas
OpenVAS
Oracle 9iAS Dynamic Monitoring Services
3 Nov 200500:00
openvas
NVD
CVE-2002-0563
3 Jul 200204:00
nvd
NVD
CVE-2007-1609
22 Mar 200723:19
nvd
Cvelist
CVE-2002-0563
11 Jun 200204:00
cvelist
Cvelist
CVE-2007-1609
22 Mar 200723:00
cvelist
Tenable Nessus
Oracle 9iAS Java Process Manager /oprocmgr-status Anonymous Process Manipulation
7 Feb 200200:00
nessus
Tenable Nessus
Oracle 9iAS DMS / JPM Pages Anonymous Access
7 Feb 200200:00
nessus
Rows per page
SourceLink
securityfocuswww.securityfocus.com/bid/4293
# SPDX-FileCopyrightText: 2002 Matt Moore
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:oracle:http_server";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.10848");
  script_version("2023-08-03T05:05:16+0000");
  script_tag(name:"last_modification", value:"2023-08-03 05:05:16 +0000 (Thu, 03 Aug 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/4293");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_cve_id("CVE-2002-0563");
  script_name("Oracle 9iAS Dynamic Monitoring Services");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2002 Matt Moore");
  script_family("Web application abuses");
  script_dependencies("gb_oracle_app_server_detect.nasl");
  script_require_ports("Services/www", 80);
  script_mandatory_keys("oracle/http_server/detected");

  script_tag(name:"solution", value:"Edit httpd.conf to restrict access to /dms0.");

  script_tag(name:"summary", value:"In a default installation of Oracle 9iAS, it is possible to access the
  Dynamic Monitoring Services pages anonymously. Access to these pages should be restricted.");

  script_tag(name:"qod_type", value:"remote_analysis");
  script_tag(name:"solution_type", value:"Mitigation");

  exit(0);
}

include("http_func.inc");
include("host_details.inc");

if(!port = get_app_port(cpe:CPE))
  exit(0);

if(!get_app_location(cpe:CPE, port:port, nofork:TRUE))
  exit(0);

url = "/dms0";
req = http_get(item:url, port:port);
res = http_send_recv(port:port, data:req);
if(!res)
  exit(0);

if("DMSDUMP version" >< res) {
  report = http_report_vuln_url(port:port, url:url);
  security_message(port:port, data:report);
  exit(0);
}

exit(99);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
03 Nov 2005 00:00Current
6.1Medium risk
Vulners AI Score6.1
CVSS25
EPSS0.34452
26
.json
Report