Intrusion Prevention



It indicates a directory traversal vulnerability in Oracle9i Application Server (AS).

The PL/SQL Apache module for Oracle9i AS provides functionality for remote administration of the Database Access Descriptors and access to help pages. A remote attacker can browse the file system on a target system by sending it a specially-crafted URL.

Affected Products

Any unprotected Oracle Oracle9i Application Server is vulnerable to the attack.


Attackers can access sensitive information on the victim system.

Recommended Actions

Apply appropriate patches or Upgrade the system to the latest non-vulnerable version.

CVE References