CVE-2000-1235

high

Description

The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files.

References

http://www.securityfocus.com/bid/2150

http://www.iss.net/security_center/static/5818.php

http://online.securityfocus.com/archive/1/155881

http://archives.neohapsis.com/archives/bugtraq/2000-12/0463.html

http://archives.neohapsis.com/archives/bugtraq/2000-12/0372.html

Details

Source: Mitre, NVD

Published: 2000-12-31

Updated: 2008-09-05

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High