Oracle HTTP Listener Default Web Page Detection

medium Nessus Network Monitor Plugin ID 2516

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host is running the Oracle HTTP Configuration interface. This interface allows anonymous users to view configuration details. In addition, an attacker may be able to make configuration changes if the default settings are in place.

Solution

Lock down or remove the Oracle HTTP Configuration interface.

See Also

http://online.securityfocus.com/archive/1/155881

Plugin Details

Severity: Medium

ID: 2516

Family: Web Servers

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 10849

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Reference Information

CVE: CVE-2000-1235