Oracle 9iAS Administrative Web Interface Authentication Weakness

high Nessus Network Monitor Plugin ID 1894

Synopsis

The remote Oracle 9i Application Server administrative interface runs on this port.

Description

The remote Oracle 9i Application Server administrative interface runs on this port. Make sure that access to this interface is restricted to the people in charge of this server.

Solution

Impose Access Control Lists (ACLs) on the administrative interface.

See Also

http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf

Plugin Details

Severity: High

ID: 1894

Family: Web Servers

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 11452

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:application_server

Reference Information

CVE: CVE-2002-0561

BID: 4292