Short Name |
HTTP:ORACLE:CONF-ACCESS |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Configuration Disclosure Anonymous Access |
Release Date |
2006/10/20 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attemps to access configuration files. These files contain sensitive information about Oracle services configuration.
Oracle 9iAS installations include the Apache web server and several Apache services which are installed by default. On default installations of Oracle 9iAS, unauthenticated remote users can view sensitive services, including Dynamic Monitoring Services.