HTTP: Oracle Application Server SOAP Config File Access
This signature detects attempts to exploit a known vulnerability against Oracle Application Server. In its default configuration, attackers can access the SOAP config file without authentication.
Extended Description
Security issues reportedly exist with Oracle's Simple Object Access Protocol (SOAP) implementation. It is possible for remote attackers to deploy and undeploy SOAP providers and services without valid credentials by default. Further compromise may occur if this vulnerability is exploited in conjunction with others.
Affected Products
Oracle oracle9i_application_server
Short Name
HTTP:ORACLE:SOAP-CONF
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Access Application CVE-2001-1371 Config File Oracle SOAP Server bid:4289
Release Date
10/20/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3728
False Positive
Unknown
Vendors
Oracle
CVSS Score
7.5