Intrusion Prevention

Oracle9i.PLSQL.Directory.Traversal

Description


It indicates a directory traversal vulnerability in Oracle9i Application Server (AS).


The PL/SQL Apache module for Oracle9i AS provides functionality for remote administration of the Database Access Descriptors and access to help pages. A remote attacker can browse the file system on a target system by sending it a specially-crafted URL.

Affected Products

Any unprotected Oracle Oracle9i Application Server is vulnerable to the attack.

Impact

Attackers can access sensitive information on the victim system.

Recommended Actions


Apply appropriate patches or Upgrade the system to the latest non-vulnerable version.

CVE References

CVE-2001-1217