Oracle 9iAS soapdocs Directory Remote Information Disclosure

medium Nessus Plugin ID 11223

Synopsis

The remote web server is affected by an information disclosure issue.

Description

It is possible to access the Oracle 9iAS Application Server's SOAP documentation directory, which contain the install scripts used with the default SOAP install. These files might be useful for an attacker to determine which application server is in use as well as the name of the disk where Oracle is installed.

Note that the default installation of Oracle 9iAS 1.0.2.2 does not seem to suffer this issue.

Solution

Remove the 'soapdocs' alias from the Oracle 9iAS 'http.conf'.

See Also

https://www.oracle.com/technetwork/index.html

http://www.nextgenss.com/papers/hpoas.pdf

Plugin Details

Severity: Medium

ID: 11223

File Name: oracle9i_soapdocs.nasl

Version: 1.21

Type: remote

Family: Databases

Published: 2/11/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:oracle:application_server

Required KB Items: www/OracleApache

Reference Information

CERT-CC: CA-2002-08