Short Name |
HTTP:INFO-LEAK:ORACLE-SQL |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Oracle SQL Configuration Information Leakage |
Release Date |
2004/12/17 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to download the XSQLConfig.xml file used by Oracle Server. This file contains sensitive configuration information.
Oracle 9iAS includes two important configuration files called "XSQLConfig.xml" and "soapConfig.xml". The configuration files contain sensitive information, such as database usernames and passwords. Both of these files are accessible to remote clients without any authentication. It is possible for malicious users to access and read the files through a virtual directory. Possibly sensitive information disclosed to attackers may assist in further attacks.