2 matches found
CVE-2001-1372
CVE-2001-1372 affects Oracle 9i Application Server (AS) 1.0.2. It enables an attacker to disclose the server’s physical webroot path by requesting a non-existent .JSP file, because the default error message leaks the pathname. The vulnerability is a information disclosure issue, with CVSS-like co...
Oracle 9iAS Nonexistent .jsp File Request Error Message Path Disclosure
Oracle 9iAS allows remote attackers to obtain the physical path of a file under the server root via a request for a nonexistent .JSP file. The default error generated leaks the pathname in an error message. %NASLMINLEVEL 70300 This script was written by Javier Fernandez-Sanguino This software is...