Oracle 9i Application Server 1.0.2 allows remote malicious users to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle application server 1.0.2 |