Short Name |
HTTP:ORACLE:SOAP-CONF |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Oracle Application Server SOAP Config File Access |
Release Date |
2006/10/20 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Oracle Application Server. In its default configuration, attackers can access the SOAP config file without authentication.
Security issues reportedly exist with Oracle's Simple Object Access Protocol (SOAP) implementation. It is possible for remote attackers to deploy and undeploy SOAP providers and services without valid credentials by default. Further compromise may occur if this vulnerability is exploited in conjunction with others.