Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html | Exploit Patch Vendor Advisory |
http://www.osvdb.org/5706 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/6438 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2001-05-02 21:00
Updated : 2017-10-09 18:29
NVD link : CVE-2001-0326
Mitre link : CVE-2001-0326
JSON object : View
CWE
Products Affected
oracle
- oracle8i
- application_server